I quite honestly don’t know which category to place this, and I apologize if I do anger some, but recently my game that I mostly coded has been hit hard with a somewhat powerful exploit that entirely unanchors every part/model/models in folders in the Workspace. I have no idea if any small or large developers have encountered such an exploit, but, again, it essentially unanchors all the parts in my Workspace, breaks each part into small chunks creating massive lag, and as well playing glass shattering sound effects.
What am I asking from the DevForum here? I’m asking if anyone, I mean anyone, has encountered such an exploit within the past month or so, and if any developer has even a clue into solving, detecting, and/or even preventing such an exploit being executed.
Also, whatever exploit or executer is being used (I have reason to believe it maybe have been used through SynapseX), I have a strong feeling it may be done Server-Sided, and then replicated to the Clients.
P.s. This is my first topic, and I’m not sure any great format to follow, or if I’m asking for too much here. Also, I am willing to explain my game and/or code that uses remotes.
EDIT: I should mention that this exploit is being conducted by a single individual using multiple hijacked/stolen accounts, ranging from as old as 2009 to as young as 2020. I cannot figure out how to stop this individual from directly targeting my game.
Believe me, I honestly have 0 clue, 0 ideas, nothing at all on how it is even possible. I know RemoteEvents get serialized, which should destroy passing functions, and I am 90% confident my remotes are secured. I have FE enabled, always double check before publishing, and I don’t really see how it’s possible. I did have reason to believe it may be a “backdoor”, since I’m using the original HD Admin directly from ForeverHD, althought it can’t exactly be HD Admin, unless I am mistaken since the module is open-source
If there really aren’t any remotes that I anchor/anchor parts and you are confident that your code isn’t backfired, I would check again.
Maybe attempt to make sure that HD Admin you have doesn’t have any back doors, and if you need to possibly delete / edit scripts you haven’t made / know about.
it’s either a remoteevent being abused that not secure for example a remote that make true and false and the part in argument without any checks in serverside if it’s allowed or not or a backdoor you can search in studio via Ctrl + Shift + F and search these keywords “require” and “getfenv” or a plugin that is a virus or a module being abused to make stuff like gun module for example
This might not only be HDAdmin but there is a model where it executes itself a require and inside the require there is a virus that infects your game. So If you try deleting the virus then It’s gonna clone itself until you delete the actual model.
The only things I did not code myself is an FE Gun kit, since making my own would take some time, originally from Thein (I dont remember the exact username) and HD Admin by ForeverHD. My code I originally wrote definitely does not have “backdoors” or ways to allow exploits to unanchor the workspace, I am very confident about that. I’ll double check the HD Admin and my plugins I have currently if it’s allowing a backdoor through.
Also, my RemoteEvents are very basic, I have a Remote that handles Punching or Running in-game, it only checks for a String that says “Punch” or a bool if they want to Run or not.
EDIT: I should mention that this exploit is being conducted by a single individual using multiple hijacked/stolen accounts, ranging from as old as 2009 to as young as 2020. I cannot figure out how to stop this individual from directly targeting my game.
Is it possible that this gun kit includes a feature where shooting at glass can cause it to shatter? It’s possible that your gun kit has this feature, and that’s what is being exploited.
Yes it does, i believe it shatters parts if it’s transparent and/or with the name Glass, I need to check the code on how it determines it. I checked the audio that gets cloned and it sounds eerily similar to the sound used when the exploiter broke the entire map.
And again, yes it’s an FE gun kit I took from the toolbox, I suspect it may be spoofed
Have you inserted any free models into your game? You might have to check every line of script that you have, because the way most exploits work is they use backdoors.
I do not remember the exact username, but the model did have a high number of thumbs ups, I’ll search for it again
Also, im starting to notice that whoever this exploiter is, may be using a replicated module that is required by the guns to shatter glass, which is being used to shatter workspace parts, ill investigate further
I think I found the gun kit you are using, or at least a version of it.
local RE_S = game.ReplicatedStorage.Remotes.ShatterGlass
RE_S.OnServerEvent:connect(function(player, hit, pos, dir)
if hit then
if hit.Name == "_glass" then
if hit.Transparency ~= 1 then
At first I thought these checks can be bypassed simply by making hit a table, but then I got to this line: sound.Parent = hit
Which would require it to be an Instance (it can’t be nil because there is a check for that above). So do you have any parts in your game that are actually named _glass? If so, that could be exploitable. Or perhaps your version of the gun kit is not the same one I found and has different vulnerabilities.
I also found a script called IcifyScript that uses the sound rbxassetid://3622822508. Is that the sound you are hearing? It appears to be a different asset ID than the sound used for glass shattering.
I am using theinbao2109’s edited FE gun kit, since I found it to be easy and reliable.
The code is similar, but still different, here is the nearly exact same portion:
local physicEffect = true
local GlassShattering = require(game.ReplicatedStorage.Modules.GlassShattering)
local RE_S = game.ReplicatedStorage.Remotes.ShatterGlass
RE_S.OnServerEvent:connect(function(player, hit, pos, dir)
if not hit then return end
if hit.Transparency == 1 then return end
if physicEffect then
local sound = Instance.new("Sound", hit)
sound.SoundId = "http://roblox.com/asset/?id=2978605361"
sound.TimePosition = .1
sound.Volume = 0.3
sound:Play()
sound.Ended:Connect(function()
sound:Destroy()
end)
GlassShattering:shatter(hit, pos, dir + Vector3.new(math.random(-25, 25), math.random(-25, 25), math.random(-25, 25)))
It continues on down below, but I can see this fails any real checks. If so, then I can see this is the exploitable point of the Remote that I was unaware of.
…Which is the “exploit” I believe I am encountering…
Yeah it looks like that version doesn’t check the name of hit which makes it much more vulnerable. I would still also check the IcifyScript sound if your version includes it, since you say the sound is “eerily similar” to the glass shattering sound (but not the same I assume).
Nope, I tested the sounds saved in there, they sound old and not the same I heard that played when the map “fell apart”. That sound ID above does sound almost the exact same sound when the game was exploited.