I recently discovered that ROBLOX has released the new Ban API,
which allows game developers to ban players without needing to use a DataStore.
It also allows some level of alt account detection for previously banned users.
Ive found two glitches that allow users to bypass the Ban API
and access games even while banned:
I recommend hiding this information as this seems like a exploit/method to directly bypass roblox systems. Since this is posted publicly on the forums, anyone even when not logged in is able to use this information and potentionally gain a advantage of it. Being able to straight up disable alt account detection isn’t a good thing publicy available (Even if it’s available on github)
So, no, this does not allow people to “access games after being banned” - all this does is prevent the alt-account detection from being functional. If that account is banned, it will still remain banned upon trying to access the experience. Additionally - accounts that are already marked as alts will still be banned as alts.
Any method of doing this will do the same thing - clearing the RobloxCookies.dat and changing MAC Addresses before logging into an account that would otherwise be associated as an alternate account to the account that is banned.
So it’s not quite a “Ban API bypass” - it’s more of a “situational alt-account detection workaround”. Alt-detection was already finnicky to begin with and has a lot of issues, so ideally it would just get a big update to fix some of these issues/exploits.
This is the fundamental challenge with creating any system of banning a player with immediate action. It makes discovering bypasses really easy, since an exploiter who wants to get around a system like this can just ban themself on their own game, hop on an alt, check if they’re detected, make changes to their system, and test again. Do that a few times, and no matter what Roblox tries to do bypasses are not only inevitable, but very easy to find.
This is why whenever Roblox does bans on the platform, they do it in waves. It’s much more difficult for an exploiter to discover bypasses for the various detections Roblox does on their clients.
Obviously, this does not work for BanAsync bans, since those players would still be able to enter the game until some wave goes through. Unfortunately, at best, the BanAsync API with respect to ExcludeAltAccounts as false really only keeps out the cheaters who don’t know enough to bypass.
I suspect Roblox only created this API due to pressure from developers to “help” deal with the issues they’re facing with exploiting in their games.
Unfortunately, this system is not bugged. It’s just a fundamentally flawed concept that cannot be fixed. Best case, they could switch things up to keep bypassers on their toes. But, I suspect, Roblox isn’t interested in that cat and mouse game. It’s extremely cost prohibitive for them and does little for us, in reality. I really can’t see them doing anything about this, simply because there’s nothing to be done about this long term.
Hi, I am the author of ByeBanAsync. I can assure you the code is safe, it’s open source and you’re free to compile it yourself.
It does not unban already flagged accounts, it just prevents future ones from being associated.
It’s more of a proof of concept than anything showcasing how weak Roblox has made BanAsync; They’ve had HWID association in Hyperion for months at this point but only use weak associations like same email and your robloxcookies.dat file. If they wanted to make it better, they easily could. I’m sure they have their reasons.
I got an issue on my side which is actually bypassing without even trying to clear the cache. Leave the game your banned, use another browser from a alt and join the game again and enjoy.
DO NOT INSTALL OR RUN THIS PROGRAM