Congratulations Sherlock. You figured out something every programmer already knows. This also isn’t “100%” secure - remote loggers exist where the client can intercept things sent and received through events. Pre-Byfron this wouldn’t work for advanced exploiters.
You should stop arguing with someone so blatantly trolling, just report and move on, no need to waste time entertaining this guy
The person actually talking about dex explorer says they can see local scripts here… Also its not like dex is the only exploit possible.
oh youre right sorry XD thanks
The DEX explorer is capable of viewing and decompiling local scripts. In this case you could just look for the client sided script that fires the event with the passcode and then do it yourself when you view the script using DEX and find the code out.
Not to mention the amount of remote logger exploit softwares that exist which can directly intercept and read incoming and sent data in remotes. This isn’t secure at all and won’t be until Byfron is completely rolled to all devices… until a bypass is found in future.
I just read the thing and it says nothing about remote events lol
so then you use a different exploit that can
You can right click on scripts and are provided with the option to view them and others.
This is widely public information you can find by simply searching for it, as well it has been discussed before on DevForum.
An exploiter can inject a script, which loops through and reads all remote events, and all remote signals sent to the exploiter’s client from the server. They can connect to all the remote events with the injected script.
They can inject exactly anything other local scripts can do, which is loop through and read remote event signals.
I would like to refer back to my original reply which provides other possibilities for securing remotes, although are neither true solutions. You just have to make sure the server checks and modifies things, not the client.
I don’t think he gets the hint of he clearly just isn’t knowledgeable in this area. Don’t bother wasting your time trying to explain it to someone in denial and chooses to not understand it regardless of how many times it’s explained to them.
This is not new and really isn’t secure. Exploits can read what arguments you send and can see the calling script’s bytecode and reconstructed source. Nevertheless, this is obsolete.