You can write your topic however you want, but you need to answer these questions:
What do you want to achieve? Keep it simple and clear!
The API and this forum section is such an amazing resource I always have found the answer to my scripting troubles before resulting in a post, but this is such an obscure subject I have found very little on it. While often this format is not used, I am going to include the two sections for simplicity and this is my first thread/post.
The sum of what I am attempting to do as a challenge and two useful end results is create a script that results in a player being impervious to any possible effects via another script. This is not generally intended for a multitude of reasons, but the character or object piece is possible with enough knowledge through duplication(you cannot avoid destroy under any circumstance it will search the game to remove any descendants no matter what was used).
The obscure subject becomes involved within the network as per the title. Once the kick function is called on a Player, your connection to the server is fully closed. You cannot delete, parent, rename the Player or rebind controls to make it work, likely to prevent exploits. That leads me to my current most promising solution that has left me perplexed still in questions.
What solutions have you tried so far? Did you look for solutions on the Developer Hub?
This is where it gets into looking at Messaging, Chat or Network Services and looking at all the events or functions. A very intriguing use of either of chatting services allows for communication between servers or Studio to Server communication via http service.
However, this does not fully prevent a kick unless used through Studio, and you are limited in the use of your character to what was scripted in this state even in Studio. This is always the case that your are limited to what was scripted, but this method alone may not leave possibility for a normal character in a server if wanted before being kicked.
Also, I do not fully understand whether a Client or Server Replicator is necessary to allow this to work especially outside of the current game. Client or Server Replicators have little information on them and I read were recently tightened down due to exploits as well, meaning all the restrictions Players have they have as well. Any of the functions involving the network services are not even subtly apparent on to how this is possible. Http used by these means has little example information as well.
The main scenario that prompted these series of questions was from another personâs apparent manipulation of Replicators or something in the NetworkServer service to actually achieve this. How did the player remain in the game even after a successful kick() while they were even in the same server as it fully disconnects them? How would you use http service in the beginning to create this connection outside of the game? Can you successfully use a Replicator with or without a Player via other means? There are events like Player Removing or Descendant Removing that can do actions before a kick but I still do not see how it is possible with the limitations. I would really like some clarity on this, I am sorry if I have become a little jumbled in my writing as I have become very familiar with the topic its been a lot of different information I have been scouring over so I am sure I have missed summarizing/including something.
I appreciate anyone reading this paragraph and any responses. I have been fine combing everything involving this that was out there for a while now and constantly testing on my own and feel no closer to figuring it out, finally resulting in obtaining New Member status just to make this thread. I can clarify anything involving the situation to provide context or provide links besides how certain parts of it are done(which is what the thread is on ).
Connections are a two-way thing. I doubt somebody managed to bypass a Kick unless it was triggered locally and therefore the server never got to know about the request.
If the Kick request was server side, the server would terminate connection to the player. I highly doubt youâd be able to stop this, regardless of what you choose to do on the client. If the server refuses to send any more data to a client, then youâre cut off. You might be able to survive in your own little local world, but nothing more.
You canât do anything with the replicators directly from your scripts, hence RemoteEvents and RemoteFunctions being created to allow you to communicate to and from the server through scripts without needing ValueObjects or anything else.
For a person to affect their replicators on the client, they would need to be exploiting. I highly doubt youâd get a detailed answer of how to do that here on the devforum.
Now, the old hacky method of âkickingâ where instead of actually kicking the player, you just deleted the Player object, I believe used to have this kind of issue. Iâm not sure if the issue still exists, but it shouldnât matter if you kick properly using the built-in method and not some old âadmin scriptsâ for example.
Yes, the old hacky method of deleting the Player object was the patched method to which I was referring to(besides exploits).
Indeed what I had found was that you cannot reference the replicators in any way through scripts, and yes you are completely cut off if a Kick is called upon even if it is via local(unless I have tested this wrong).
Yes, RemoteEvents and RemoteFunctions are used to send information between the server and client of a function necessary to perform that cannot run or is better suited on the local or server side, but I do not believe it would allow this possibility but perhaps compliment its capabilities.
It is possible that they were exploiting to delete their local Player or Replicator, but they seemed to specifically reference how they were using a ServerReplicator to continue to communicate to the server. Their Player and Character were non existent but they had a drone that they were controlling outside of game either through Studio, another game, or from the same server after being kicked. They did not avoid the kick being called upon their player when they were in the server you cannot, but they have a means of continuing communication to the server which is what I wish to find out, through the http service, chat service, or NetworkServer service. But specifically, I wish to know how they utilized the http service to do so between games if possible or continued connection to a server after a Kick, because they certainly were able to remain in the server through the drone without a Player. If this is not possible or not possible without exploits, I will simply look into the previously stated between server methods.
If this is the case, then I suspect some form of back door. Many popular admin scripts have them, either intentionally or otherwise, so it might be worth a quick trawl for any unfamiliar code in your game.
If thatâs not the case, then maybe youâve discovered something new. Iâve never heard of anyone controlling something from outside the game without a backdoor. And I donât think any exploits could inject such a thing once the game is already running unless you have ExperimentalMode on, or there is already part of the backdoor in place.
Experimental Mode I believe is disabled and cannot be enabled, But man I should clarify. This is not referencing any specific game, this is just a script I wish to create as per the original post in the thread, through any means necessary except exploits with anything enabled(loadstring, http, etc). It was not a backdoor for the game in question because scripts were allowed to be created and run by anyone by default, I âsimplyâ(not very simple at least for me!) wish to know how it was done by the script. I believe this would be a massive security breach if exploits could actually create this by system injectors as you certainly need server scripts, but I donât believe they can(besides they would simply delete their Player or client replicator as they have elevated privileges to do if it still works to prevent kicks(I believe they get enough to delete it as per the command bar or Studio can)).
I see. Well to control something through HTTP service youâll need a web server. You canât create sockets so youâll have to constantly poll the server to get the latest data if itâs something dynamic.
For the drone example, that server would respond with information about the direction of movement that the drone should go in.
But it would be an excessive number of calls and I imagine Roblox would cap it at some point.
The code that youâd need to run or inject would basically be a bodymover that gets its property updated with the response from the web server. Is that what you were after? Apologies if I misunderstood the earlier questions.
Its alright, its likely that I was not clear enough with my initial information. Yeah, this is what I would imagine it would be like, once kicked or something is ran in the different game it likely uses http to poll the server which effectively avoids the kick via the new drone. But the main component that confuses me is how is this done without your client being connected to the server? How does the http service gain access to the server without your client, does it somehow use another client or hijack another Server Replicator if you truly cannot normally manipulate the Replicators in any way? How does it convey normal control over the drone without any of the other systems that having a Player in the game normally manages? Wouldnât the amount of data needed be too much to manage and transfer as you have said?
Without the client it needs to have been injected to the server and it needs to be the server doing the HTTP requests. If the server runs loadstring then that would be very easy to do, but without it the backdoor would need to have the ability to do the requests.
The amount of data per request would be quite small, the issue is the frequency of the updates. Less frequent would be fine, you just wouldnât be able to stop the drone from crashing, for example, as the time to react would be slower.
Thank you again for all these responses! It looks like I am going to have to take an in-depth look at web server material to fully understand it, which I have been semi avoiding as that has always appeared as a completely different element to learn well enough. I hope it has a bit more information(guides and such) on it than the network services and it actually works as everything else has been blocked, a dead end, or cannot completely avoid a kick. I will mark your previous comment as the solution for now, unless anything changes!