I’m making an attempt at developing a tool that administration/developers of games can use to actively and in real-time, catch cheaters/exploiters using Player/Humanoid ESP’s, Aimbot scripts, Hitbox Expansion, and other forms of illegitimate programs to enhance their game play in various combat-related games on ROBLOX. This should include swordfighting and gunfighting in all styles (FPS, 3rd person, mouselock, et cetera).
The point A to point B goal is to have this tool mimic the most analog form of input from, say, Player1 to Player2 and display it on Player2’s client. This isn’t meant to be a way of auto-banning people, as those systems can be tedious to tinker with and ultimately lead to false positives on extreme ends of their spectrums without some serious data analytics. The tool is meant to be similar to CS:GO’s Overwatch system, yet used by an administrator currently in-game with the person, not recorded.
The issue I’m wrestling with is how to best design the system itself. It appears that most clients’ systems can handle repeated RemoteEvent FireServers, sending lots of “JSON”-style information to the server on Heartbeat, but some clients lag and the information is pretty easily spoofable or just outright deniable (given you know what you’re doing). With that being the case, a person is the best kind of firewall to this issue, yet some limitations come with the software.
Server turn around time causes Camera CFrame lag, so CFrame:lerp() has to be used constantly to update, with it still not looking all that great. UserInputService:GetKeysPressed() and UserInputService:GetMouseButtonsPressed() make an awkward system of presenting what keys are being used by the “Suspect” at that current time and can be annoying, and depending on the system, laggy, to have a history of such things listed. Hitboxes, or the size of a client-sided part being sent to the server is hard to look-up because you’re unable to send mixed data-types across the client-server boundary, and the list goes on.
I suppose what my question would be is:
What would be a recommendation, framework-wise, if someone were to try and mimic the analog forms of input (ping, screen resolution, mouse’s position, buttons being pressed, keyboard keys being pressed, camera’s CFrame, other Character’s BodyPart Sizes) from one client to another and represent them in an accurate, efficient, and secure way?
I understand that ultimately, if someone knew what they were doing, they could very easily not partake in supplying information, or spoof the information. However, increasingly so, I’ve found it quite difficult to think of anyone who would be able to type out this information by hand that looks even relatively normal and fool a person with experience in these formats.
Examples of work currently done:
https://i.gyazo.com/3012aab939bffe4f921a86dfe0953f80.mp4
Edit: Moved to a more proper topic sub-forum