Hi, so recently i decided to start development of an anti cheat, I want to try detecting injection on roblox, but I have no idea where to get started. How can i detect an executor in my game?
(this is just my thoughts)
Some devs claimed they were “able to achieve it”, idk, out of my league…
I prefer to trust Roblox engineers that will do the best they can to patch anything they can over time, and placing specific security/sanity checks. Taking in count specific behavior that should not go out of the limits of what I know its possible on each game/place.
I tried many weird stuff… like “injecting” remotes fires in clients for reading their client scripts, guis, and stuff, even if they delete it on childAdded, theres a chance I get a response on server to verify everything still normal on them. As usual tracking/measuring positions, looping set properties, increase level of “risk” per player the more weird stuff I find in them, like measuring weird stuff/behavior that should not happen.
Warning them if Im reading unusual behavior, to see if they stop, or increasing the risk level until they get kick.
I think, that the majority of the exploiters really dont know what they are doing, so its pretty easy to catch them. The other low percentage probably theres no way to catch them… so… rely on Roblox engineers that eventually could fix it.
Yes of course, I do focus on the server side of the anticheat, its just that this is an interesting topic, ive seen it done before so thats why im asking
The real issue is that often the low percentage creates the exploits for the high percentage and advertises them through servers outside of the platform. So it becomes a cat-and-mouse game between devs who make sneaky client-sided checks and anti-devs that reverse all their checks and find loopholes(since you can’t really trust the client). Although that doesn’t mean we can’t have our piece of fun in the process
And obviously server-sided checks are the way to go, but adding a few client-sided ones is a fun way to calculate the determination of your game exploiters by checking the time it takes for them to figure it out and counter it.
Yeah weird ideas to have some fun, just for fun.
I hope I was not misleading my suggestions. Ofc server checks are key. Experiment weird client checks its just for fun.
I do very weird things for fun
An example of anticheat
go to startercharacterscripts
create a script
and code someone like this:
local human = script.Parent:FindFirstChildWhichIsA(“Humanoid”)
if human.WalkSpeed > 16 then
–Your anticheat Metody
end
and a cheater will just delete the script…
If only it were that simple ‎ ‎ ‎ ‎
Its not a localscript but you can use the same metody in serverscriptService it just a example
sorry that i said script even though i meant a local script, and a serversided script in this example wont work, because the walkspeed only updates on the client
Obviously in the serverscriptservice there are more methods but if you loop the script it works on the server
If you loop that script, it won’t work on the server because when an exploiter changes the walkspeed it does not replicate. However, you can use tick()
and RunService.Heartbeat
to detect changes in the character’s position and calculate how fast they are moving from that.
I’m not sure this is possible, but you can to stop the majority of the things an executor can do, including:
- Flying
- Speed hacking
- Teleporting
- Spamming remotes
If game use vectors of moviments the anti exploiter can kick you without exploit
So the exploiter does not destroy the script
can script an infinite amount
while true do
task.wait(0.6)
script:Clone()
end
local human = script.Parent:FindFirstChildWhichIsA(“Humanoid”)
if human.WalkSpeed > 16 then
–Your anticheat Metody
end
- That method will make a ton of the same script and use a ton of memory.
- If the exploiter has a script injector, they can just write something to destroy those scripts as soon as they are cloned (e.g.
ChildAdded
,DescendantAdded
). - They can just destroy that script that clones and delete the clones.
By the way, I know about the other issue you mentioned to do with anti-cheat. That’s why you would need to tweak any anti-cheat to fit your game and mitigate false positives.
but all time is destroy make a clone
I already mentioned the ways around this. They can just use ChildAdded
or DescendantAdded
to detect these scripts and stop them before they have a chance to clone.
Even if they don’t stop them, making so many of the same script that do the same thing will really impact memory. Besides, you are only checking walkspeed once.
Im highly against of client-side checks. But in my experience, injecting an event into clients to fire back to server could give you a clue if they are exploiting. If you dont get back the response its for sure they are deleting the script/event.
Eventually they could notice they should respond, but, gives you some database about your players.
As I said, is just for fun, but it could give some interesting data