Sure, might as well hop on this train and explain to the community why this is useless.
Never use released detections for a reliable anti-cheat
So, first of all; A released detection should never be your primary source of detection, this is because released methods will always be patched by the cheat developers.
In making this post, you’ve achieved nothing and as a result, you’ve gained nothing. Hell even the title now says it’s patched, a day after it was released.
The detection itself is based on the client
Alright, so there is a few mad men who actually dedicate a lot of time and effort to stop hackers from the client, however, this is pointless. A hacker can do the following things to render your so-called client anti-cheats useless.
- Remove the script before it even has time to operate.
- Hook
__index
to return a fake-variation ofMessageBusService
- Hook
__index
to return a fake function for:Kick
- Hook
__index
to return a fake function for:Publish
avoiding error - Hook global
task.wait
to infinitly yield this specific script. - Hook global
pcall
to change the result of this error - Set script timeout to something low, stop the script from possibly crashing you
- Use Auto-Inject like the majority of exploiters
- There’s a ton more people can do.
How does the detection work?
This is my theory on how this particular release actually works;
You’re going to have to learn a tad bit about Roblox’s security levels, you can learn more on this thread
In short, the higher the security level you have, the more endpoints you’re able to call.
So, looking at the above script, the context level required to execute the API is 5; And the response error message should be something along the lines of:
The current identity (X) cannot ... (lacking permission 5)
However, when synapse does inject into the client, it not only allows exploiters to execute code but modifies the engine in small ways, for example merging the lines between thread identities or error handling.
In this case, synapse has managed to change the resulting error when attempting to call this function, and from this, you’re able to detect a change on a level that in theory shouldn’t ever be changed.
Creating more detections?
Based on this detection, and following through some more I’ve looked at. If you want to detect client injection (useless, but sure?) then you should make a cache of all endpoint results, and various endpoint data and then compare it throughout the game to see if anything significant changes.
In fact, if I am not wrong that is what people do, well at least the ones who think creating a client anticheat is a good idea.
Lasting thoughts
Just don’t fall for the idea that a client synapse detection will save you, it’s got more negatives than it does positives.