Ah I see. Well if that is the way the code works then the devs of synapse should be able to fix this issue quickly ngl so as soon as they find out about it this code will be useless.
2 Likes
the method detects whether the :Publish() error is not the one expected (should say “cannot Class security check” and not “cannot Publish”)
See:
why didnt u keep it a secret so it wouldn’t get patched in like 3 milliseconds
1 Like
Script below in auto-exec + auto-attach/auto-launch completely bypasses the solution. (As I’ve been told, it’s a lazy-fix but whatever :u)
local mbus = game:GetService("MessageBusService")
local old
old = hookmetamethod(mbus, "__namecall", function(Self, ...)
if Self == mbus and getnamecallmethod() == "Publish" then
return wait(9e9)
end
return old(Self, ...)
end)
2 Likes
Synapse devs would have found out regardless
There are ways to fix this considering you don’t check Self
there’s ways to bypass your quick patch as well (and force the error to still happen)
Here’s a way to patch the provided detection, it isn’t 100% security
local MessageBusService = game:GetService("MessageBusService")
local OldIndex
OldIndex = hookmetamethod(game, "__index", function(Self, Index)
if Self == MessageBusService then
return error("The current identity (2) cannot Class security check (lacking permission 5)")
end
return OldIndex(Self, Index)
end)
local OldNamecall
OldNamecall = hookmetamethod(game, "__namecall", function(Self, ...)
if Self == MessageBusService then
return error("The current identity (2) cannot Class security check (lacking permission 5)")
end
return OldNamecall(Self, ...)
end)
``
2 Likes
It’s a lazy fix, you can call it via __index as well, it works for the current script and I really can’t bother for anything else as there’s a ton of ways to call it.
local MessageBusService = game:GetService("MessageBusService")
if not pcall(function()
MessageBusService:GetFullName()
end) then
end
Thanks for the amazing detection method that will definitely not be patched soon!
It’s for the demonstration of how it can be bypassed with ease. It’s not supposed to be a full work-around, let alone a final bypass.
There are other methods and it’s still possible to break into Synapse (V2)'s environment without much work (excluding the require method). I just wanted to show how insecure they are.
MessageBusService??? whats that??
Sadly exploiters can easily bypass this by running this in their auto execution folder.
local blacklistedNames = {'publish', 'Publish'};
local isA = game.IsA;
local oldIndex;
local oldNamecall;
oldNamecall = hookmetamethod(game, '__namecall', function(self, ...)
local method = getnamecallmethod();
if (isA(self, 'MessageBusService') and table.find(blacklistedNames, method)) then
return error('The current identity (2) cannot Class security check (lacking permission 5)');
end;
return oldNamecall(self, ...);
end);
1 Like
this is yet again easily bypassable and most exploiters currently don’t know about this detection and therefore won’t randomly have that in their autoexec
I don’t think this is “bypassable”
what if i pass in a non-Instance self 
1 Like
Sadly once again Synapse has something called Arg-Guard which will just not call this function if you give it any invalid arguments 
there’s still another way to bypass your patch but whatever (just tested it)
Yeah Synapse just going bypass it in probably less then a day, exploiters already found a patch thanks to synapse x functions