Preventing a module script from accessing descendants that arent parented to a specific instance

Help and Feedback Scripting Support
#1

Hello, so I am making a game that is a fangame of windows, and it is going pretty good. Except I am worried about people stealing my scripts. I have already implemented a system that would prevent injections of local scripts but I don’t know if it works (the script is a local script that deletes any new local scripts that have been added to the game)

local maxstrikes = 4
local strikes = 0
game.DescendantAdded:Connect(function(de)
	if de:IsA("LocalScript") and not de:FindFirstChild("Official") then
		de:Destroy()
		strikes+=1
		if strikes == maxstrikes then
			--kick the player after they reach a certain amount of strikes
			game.Players.LocalPlayer:Kick("Our anticheat has detected the presence of a new Local Script which could hint at an exploit attemp. DO NOT CHEAT.")
		end
	end
end)

This should work, however I don’t have a way to test it.

Now, the reason that I’m here is because I am making a way for people to program their own applications (if they know lua ofcourse) and I fear people may try to access my module scripts that run the entire system. The way I want to prevent access is to let the script that runs these programs first scan the program’s module scripts to check for any code that shouldnt be there before the program gets run. If it is clear then the program will run.

Any ideas?

#2

I am pretty sure exploiters inject it directly into CoreGui, I might be wrong but I have heard about this topic before so this script won’t work as scripts (unless plugin) can’t access the CoreGui.

#3

Dang, I didn’t think of that. But isn’t that easy to fix? I mean ROBLOX has control over coregui and corescripts, so they should be able to detect if an intruder script is entering?

#4

They have byfron, which barely works on Android systems that allow this. Yes they can easily detect this but byfron is controlled by ROBLOX themselves so it really depends on them. You can add anticheat for the server but there is no anticheat for the client unfortunately as exploiters can just delete the client-side anticheat.

#5

But then that means the anti cheat wont do anything because if it cannot find the scripts that are being injected well, then its useless

#6

This means when I’m done with the game I am gonna wait until roblox finds a solution to exploiters and THEN I will upload the game (after I verify their solution works)

#7

ROBLOX has access to CoreGuis so they can find them (unless you are talking about a custom anticheat). I believe they also detect it when you are launching roblox, but again this doesnt work properly on some devices.