Question About exploiters

Discgolftaco231 · September 8, 2020, 3:35pm

U can also check if the parts are anchored.

Discgolftaco231 · September 8, 2020, 3:36pm

Your welcome! I am usually pretty good at this stuff, so if you need any help, just PM me!

TheEternalKittenLord · September 8, 2020, 3:37pm

Alright will do thanks (meow meow)

Hexcede · September 8, 2020, 3:47pm

Generally, the way this works is because of the server code that exists. I like to think of all of the code I use locally like it can be modified by exploiters, because this is basically what exploits do, they just modify or create new local code.

The reasons exploits like that exist is because of how the server code works. Remotes are something that is used in Roblox to have the client tell the server something, or vice versa.

Some exploits take advantage of that sort of thing within Roblox itself, because sometimes Roblox has some weird behaviours. For example, one of the lesser known but more common ones is that things inside of the Player’s Character can actually be deleted, and that deletion will replicate. Properties still won’t replicate though, just deletions. An example of how this is used is in an “Invincibility” exploit which deletes the Humanoid from the Character. Additionally, Tools with CanBeDropped as false can’t be dropped normally, but, Roblox still allows an exploiter to drop the tools (What happens if you make the tool CanBeDropped on the client? Should the tool still be droppable or not? It’s hard to decide how that should work).

If your remote does something, you have to think about how an exploiter could try and break it or use it. Some games might do something that looks like this in their code:

DeleteObject.OnServerInvoke = function(player, object)
	object:Destroy()
end

This is bad, because, this allows an exploiter to delete any object, even if you didn’t intend for any object to be deleted. So basically, you need to check if the player is allowed to delete an object.

This is what is referred to as “sanity checking,” which basically just means “checking if the things that you have make sense.” It doesn’t make sense if a player can’t do something but they did it anyway.

Likely, when the exploiter you were referring to was making parts in Arsenal, they were probably using a remote like this. This is hypothetical, but, an example of what could have happened, was that the game maybe sends some sort of visual bullet information to the server. If an exploiter changes the stuff that gets sent, or sends their own stuff, and the server uses it, it would be bad. Instead, what should be done in that case is that the server decides the visual stuff rather than the client sending it.

TheEternalKittenLord · September 8, 2020, 3:53pm

WOW THANK YOU SO MUCH!!! I am glad you gave a detailed explanation it’s very nice of you

Hexcede · September 8, 2020, 4:29pm

No problem!
I also made a post talking about specifically game security/Roblox anti cheats. It might be helpful to scan through. I’d also recommend looking at devhub articles on Remotes and other explanations too.