[PATCHED] Detect Synapse X on injection with this one simple trick!

Sure, might as well hop on this train and explain to the community why this is useless.


Never use released detections for a reliable anti-cheat

So, first of all; A released detection should never be your primary source of detection, this is because released methods will always be patched by the cheat developers.

In making this post, you’ve achieved nothing and as a result, you’ve gained nothing. Hell even the title now says it’s patched, a day after it was released.


The detection itself is based on the client

Alright, so there is a few mad men who actually dedicate a lot of time and effort to stop hackers from the client, however, this is pointless. A hacker can do the following things to render your so-called client anti-cheats useless.

  • Remove the script before it even has time to operate.
  • Hook __index to return a fake-variation of MessageBusService
  • Hook __index to return a fake function for :Kick
  • Hook __index to return a fake function for :Publish avoiding error
  • Hook global task.wait to infinitly yield this specific script.
  • Hook global pcall to change the result of this error
  • Set script timeout to something low, stop the script from possibly crashing you
  • Use Auto-Inject like the majority of exploiters
  • There’s a ton more people can do.

How does the detection work?

This is my theory on how this particular release actually works;
You’re going to have to learn a tad bit about Roblox’s security levels, you can learn more on this thread

In short, the higher the security level you have, the more endpoints you’re able to call.
So, looking at the above script, the context level required to execute the API is 5; And the response error message should be something along the lines of:

The current identity (X) cannot ... (lacking permission 5)

However, when synapse does inject into the client, it not only allows exploiters to execute code but modifies the engine in small ways, for example merging the lines between thread identities or error handling.

In this case, synapse has managed to change the resulting error when attempting to call this function, and from this, you’re able to detect a change on a level that in theory shouldn’t ever be changed.


Creating more detections?

Based on this detection, and following through some more I’ve looked at. If you want to detect client injection (useless, but sure?) then you should make a cache of all endpoint results, and various endpoint data and then compare it throughout the game to see if anything significant changes.

In fact, if I am not wrong that is what people do, well at least the ones who think creating a client anticheat is a good idea.


Lasting thoughts

Just don’t fall for the idea that a client synapse detection will save you, it’s got more negatives than it does positives.

3 Likes

Roblox uses a namecall for calling instance methods, so this wouldn’t technically work. What a namecall is is an internal optimisation by Luau. (You can read about more about it here Performance - Luau), so they would have to hook the namecall instead (or just the raw function).

2 Likes

I agree, I made a slight oversight when creating the topic because it was rushed :smile:

__namecall is for the : operator being called on a service method
__index is for getting/indexing an object

Some of the points made in your posts are sadly false. But this does not invalidate your post I do like the insight that you provided that client-side exploit detection is never the way to go. It is much better to secure your game with proper server-side methods instead of using hacky client methods. Preventing the injection of a exploit client should never be a large part of securing your game from exploiters as a whole.

Things can’t really be done to patch it easily, there are thousands of exploits and some of them use more advanced methods. You kinda can’t really ever patch things on the client as people will always find out how to manipulate it

1 Like

thanks for your descriptive and informative post sir but i regret to inform you that you were 8 hours too late to make any meaningful change related to the situation. i also thought it was obvious to the average person what the motives behind releasing a public detection are (surprisingly it isn’t to get people to actually use it in their games). this method could’ve as easily been obfuscated, given to massive game devs who have an infestation of cheaters, edited to silently log people and then used to cause actual damage by performing ban waves (which is what was done with the most recent public metamethod hooking detection method before it was released).

this is incorrect; the method relies on the fact 3ds is dumb and uses outdated/inaccurate error messages to stop his users from calling dangerous functions (this exact technique has been performed back in 2020 using marketplace functions instead).

i wish you better luck on your writeup about this year’s prompt tho!! :woozy_face:

thanks for your descriptive and informative post sir but i regret to inform you that you were 8 hours too late

And?

this method could’ve as easily been obfuscated, given to massive game devs who have an infestation of cheaters, edited to silently log people and then used to cause actual damage by performing ban waves

Agreed, except that didn’t happen, maybe it did, point is you still made this post which would render the actual exploit detection itself useless.

What I said;

a change on a level that in theory shouldn’t ever be changed.

What you said;

this is incorrect; the method relies on the fact 3ds is dumb and uses outdated/inaccurate error messages

Let me explain it differently, a change on something that nor CoreScripts & UserScripts can or would change, so yes, the error message is something we cannot change as thats more on the C++ side of roblox.

i wish you better luck on your writeup about this year’s prompt tho!! :woozy_face:

Thanks? :wave:

3 Likes

Nice detection bro!! only took 4 hours for syn devs to patch :grinning::grinning::grinning:

8 Likes

Yep! If I was the only person who had this detection, it would never get on the devforum nor would it ever get patched. But, this is what happens when just anyone can have the rare detection. It’s now a wasted thread and a wasted method. 4 hours of temporary detection for everyone and now it’s gone.

Nice job bro wasted an entire detection

This frustrates me, I mean roblox is a billion dollar company, and I don’t know why they won’t invest in creating an anti cheat. They made it look more realistic, and made features that we honestly don’t need(my opinion.) The developers are the one making this platform work, and when the game you made is flooded with exploiters it demotivates and makes you abandon the game you worked hard on. Sorry if there is a run-on sentence.

1 Like

Sell the script to big companies and studios, make money and hide it from syn developers :x:
Expose it to the public so the devs patch it immediately :white_check_mark:

13 Likes

It’s Roblox’s role to enforce Roblox’s rules. If developers’ rules differ from Roblox’s rules, it’s up to developers to enforce those rules. If I run a game where I prohibit spoilers for popular movies, that rule is my job to enforce. Modifying your client to cheat at games is against Roblox’s rules, so it’s Roblox’s job to stop people from doing it.

Not everything is just magically “developers’ responsibility”, especially when Roblox has more money, information, and control over the behavior of clients than individual developers do.

9 Likes

My question is: why don’t the developers of these script executors fuzz every roblox function and check if the error messages are different between a normal roblox client and an injected one?

Script executors bugs of this nature have seemed to have been discovered for years.

You talking about stack tracing? Most executors (including Synapse X) have dedicated functions implemented for the specific purpose of rerouting the stack/scope to make the error messages less sus and to mitigate those recursive getfenv() checks inside trivially accessible data containers such as modules and getrenv().

Its sad that this was patched but they print that its injected?

1 Like

We need to keep In mind that exploiters have FULL ACCESS to their client, making “anti-injection” would ONLY IN SOME CASES be useful, I’m saying this because some executors especially the ones that are free wont have a way to bypass these types of scripts.

But either way I support what you’re trying to do!

dont code something like that :frowning:

1 Like

why yes they can delete it if they know where but if they cant even inject it to open dex or whatever how would they know where it is??

Ok. so, it’s called using a different executor to do that job. They can use another executor like Scriptware which has never been detectable compared to Synapse.