NEVER TRUST THE CLIENT: What hackers can/can't do, PT. 3

Sounds interesting. Well, I don’t really have anything else to say atm. Thanks for the lil code snippets and explanations!

2 Likes

You will have your mind blown if you check out that chatmodule library; it has a machine learning library and concepts you could apply to your application. It’s meant to be easy to understand.

3 Likes

I think I’ve already had my mind blown. Not even sure I’ll be able to comprehend a single thing without a thorough explanation!

I’d love to check it out sometime in the future. Just not today lol

1 Like

The function names are very descriptive. I tried not to drive myself crazy with bad naming conventions.

2 Likes

Me too. Whenever I look back at my couple years old scripts, I can't really get the gist of them because of the way I named my variables. Now I name all my models, functions, variables and stuff with descriptive names.

1 Like

They’re not lying lol, I myself have seen and made it first hand as well as execution detections. You can keep lying to yourself but don’t spread misinformation please.

1 Like

parenting an actor to nil will make 0 executors able to bypass since it won't appear in gc, reg, or anywhere, and if in replicatedfirst they are even more screwed since they have slow auto execute + getactors isn't implemented in any right now

2 Likes

Although this may be true, this doesn’t make an anti-cheat even remotely close to non-bypassable. Making use of actors is great considering that no exploit has support for it; however, you would have to make sure your detection methods are not hookable, which in most cases is not possible.

Another major issue is using strings in your anti-cheat as those can be found in upvalues or protos and then your thread can be referenced.

Just an FYI that Synapse has support for actors however it is currently down so for now developers can consider it a safe hiding method for their anticheats.

1 Like

you realise actors are clean? game won't be hookable from outside, the functions won't be and for that they need to get the instance referenced, and synapse getactors doesn't work on nil actors, it will just crash or not find it, however auto execute on syn can

1 Like

I’ll just put in a say that you can partially trust the client, mainly to combat bug abusers and slowing down the advance of exploits.

A properly working client and server anticheat can work in unison to deliver the best possible exploit-free experience! There’s nothing wrong with trying and risking new stuff to discover something new.

2 Likes

If you can explain how, I will have massive respect

collectgarbage(), framerate, ContentProvider:PreloadAsync(), UserInputService:GetFocusedTextbox(), #tostring({math.huge}) >= 10

You must be glad that it’s down rn. If you saw v3 documentation you would realize that it’s literally a monster, at this point it’s abusing the client lol

So yeah, whatever v3 comes back, server sided will be the only option I guess, or server character authority, unless you know a lot of things about the client

It’s not about the executor itself injecting, it’s about what their init script does that makes them detectable. Exploiters need their init script for the following reasons:

  1. so executed scripts have an env
  2. to patch vulns such as MessageBusService
  3. to add custom functions to the env

I won’t go into detail about it too much but there are multiple methods to detect this script, whether it being added into game memory or what the script does (i.e. what it hooks).

a game with execution detection implemented: game

1 Like

Most UWP executors leak their environment when using hookfunction or hookmetamethod, so it’s possible to detect them by simply forcing an error with xpcall.

Yeah I’ve seen V3 documentation, it is what many would consider “the ultimate exploit”. When V3 does roll out to the public (which will probably be in the next few months), Roblox will most likely default back to the forcing of server-sided anticheats.

Hey,

Just to clarify: Roblox never sends the raw source code of client-side scripts. What’s sent is bytecode. In this bytecode, most function names, variable names, and their parameters are already stripped away. Local variable names are completely removed.

When it comes to turning the bytecode back into a Luau script (decompiling), most exploits can’t do it. Script-Ware can show you the bytecode, but can’t convert it back to a .luau script. Synapse could, but it’s offline to the public right now.

If you’re thinking of adding another layer of obfuscation like using minifiers, or obfuscators, you’re basically wasting time you could better spend on developing your game.

1 Like

Can you clarify a bit more on this?

1 Like

Preloadasync false flags now and UWP check won’t last much longer

These are some of the more “commonly” known methods of detecting injections/script executions. This is pretty self-explanatory.