I don’t think it was created to last in the beginning, it just shows how insecure Synapse’s internals can be. Aztup’s fix (can be found above a few messages) works way better than enough as a third party patch. The actual patch just requires a change in the modified error string.
1 Like
Just an FYI. Even though it’s possible to detect exploits via their init scripts. Synapse V3 will be completely coded in C++ making most injection and/or hook detections useless.
It’s better to just work by doing things with security by design.
The only ways that a C closure can be called is either via a namecall or the direct function, nothing else.
Thanks for the code it worked for me now I’m safe 
I would avoid using string methamethods as exploits can hook the string __namecall
Also string methamethods are slower in Luau and less idiomatic.
Even though it’s possible to detect the namecall hook here, or just call the direct closure, all exploiters have to do is properly hook the function and the detection won’t work. It’s much better so practice a technique called “Security by design”, make sure that the client can only replicate things properly (and a bunch of other stuff too, which I’m not going to explain here)
So, what reason did you have to release this to the devforum? Do we live in a bubble where its (Devs vs. Exploiters so 3dsboy will never patch this method)? This looks great, and would be a good secret to keep, maybe share it to me and other non-leakers privately? Cause it’s about to be a wasted thread in less than a day when its just thrown out here, for tons of … devs. You gain nothing but losing a method.
Doesn’t matter if there’s a detection, you just wasted it, so 3DS will just patch it and everyone will still say synapse is the best executor out there.
3 Likes
Hello, as cool and crazy as this is, exploiters can bypass it using a wonderful thing called ‘autoexecute’. Also Roblox may or may not be patching this, we’ll see.
It’s not an issue with Roblox specifically so they won’t patch it. But Synapse will definetly patch this in in a very short time, at maximum 2 days.
1 Like
Yeah prolly, kudos to the dude who discovered this and released it though.
There is another way to prevent deletion, simply have a script clone the local script and paste it in and if it does catch the player… kick them; if it doesn’t, disable the script then delete it and do this ever .05 seconds. I’ve used this method to prevent certain issues before; plus you could easily fix whatever issues are happening by fixing the positions/sizes and so on through a local script.
I never used or even heard of MessageBusService before and not much info available on what it exactly is about even in roblox’s API reference, so what it is about?
Why are you using task.wait() instead of RunService.RenderStepped:Wait(), or does it not matter in this case?
It’s an internal service, only accessible with Roblox corescript permisisons (or whatever context level 5 or 6 is).
What this script does is check if the error message is different than normal. Normally calling anything from it would cause an error saying that the context level is too low to access it, but Synapse has hooked it improperly so it causes a different error to appear.
The reason Synapse has hooked it is because of security reasons, people paste exploit scripts to Synapse, but some of those scripts may be malicious, so Synapse protects it users by making the exploit scripts not be able to access it, but when it’s done improperly it can be detected.
For exploit scripts it allows to do certain things which may infect the users PC, this is why Synapse hooks it.
1 Like
Why wouldn’t you use task.wait()?
Already a patch script for it, no use in wasting time on exploit detection, it’d always be on the client and exploiters will patch.
1 Like
Great idea to post yourself owning synapse & using it on the roblox devforums
12 Likes
GOD THANK THE QUEEN,
actually useful for script kiddies
this makes me wonder… why doesn’t roblox, if they already don’t want to do anything against exploiters themselves, make every core system variable at least read-only? that way we would be able to properly patch out exploits and injections on our own
Unfortunately for you, it was already patched.
2 Likes