Simply as the title states, Roblox already has a really reliable way to detect certain cheats running, and it’s clear that they aren’t banning these users for some reason.
Every day I log on and check error report, the log is flooded with errors from cheaters using injectors. It’s really obvious too because it’ll be listed as a random address or “CoreGui Execution”. Stuff like:
and that doesn’t even include the myriad of errors I see from scripts that aren’t mine and were just inserted at some point as models.
Clearly roblox is detecting and recording these executors, and then distributing that information to us via error log. So it’d be nice if they either A. Banned users on the spot for this, or B. gave developers more information/detection ability so we can ban them ourselves.
I have sent numerous messages regarding this, it’s really nonsensical the way it’s handled. There’s maybe one ban wave every 2 months that hands out a 1-day ban at most, not even applying to alt accounts. The system is a complete joke. The fact that these exploits manage to get logged and make it all the way up the dashboard but Roblox doesn’t give us any way to act on it is baffling. It’s so blatant that it should be an instant termination. It completely floods the error dashboard as well, making it tough to find actual errors.
Majority of logged exploiters aren’t even using alts either, they just blatantly cheat on their main account because they know Roblox systems are limp-wristed. Hopefully Roblox eventually takes meaningful action instead of these half-hearted approaches that don’t even work.
No, that’s just the error logger at work. Sure it may seem simple, as a developer, to look at an error and determine that it’s foreign code being executed, but computers can’t just look at the code its executing and determine that it’s the work of an exploiter.
Hyperion tries to prevent memory modification by external programs, it does not “know” if injected code is injected.
I’m sure @BitDancer could give some better insight on this.
I’m not suggesting they magically build a new detection method for executors, I’m just saying that clearly these cheaters make mistakes like any other programming.
Simply monitoring the error log with an automated system to catch these mistakes as they occur would be a trivial thing to setup and even automated systems would be able to determine that CoreGui.Execution isn’t a legitimate vm/source.
I don’t believe this is a good idea. Programmers and cheat developers can constantly try to bypass Byfron’s measures, and if they see that a method they used gets them banned, they go to the next method and the next method until they find a method that works. With the system right now, even if it may take a couple days to weeks to ban the user, the developer won’t know what is detected with their cheat injector and will make it a lot harder for the developer to try to bypass detections.
Is Roblox not a closed-system? The client can’t require(assetid), all scripts running on the client should come from the server. Therefore shouldn’t it be possible to tell which code doesn’t belong? You could do pattern detection at large scale to determine which scripts do not belong, and then give developers the opportunity to act on it. If 99.999% of daily users are operating within pattern but you have 0.001% throwing errors all over from scripts like ‘coregui executor’ that don’t have a proper traceback, then it’s pretty safe to conclude those are exploiters
Hyperion does detect tampering with the process. Sadly, it is hard to distinguish if the offending software is just a poorly written tool, some antivirus, or some video recording software. This is the reason we coined the term “Badware.” For us, Badware is any software that opens the client process unauthorized. This doesn’t necessarily mean the software in question is malicious, so banning based on “Badware” detection is out of the question.
For a user to be caught in a banwave, it takes quite a bit more than just running an exploit once. Given the scale of Roblox, it should be clear that being less careful with banning might quickly end in disaster, so naturally, we are extremely careful and generally prefer to crash the client rather than ban someone.
Furthermore, cheating using Windows clients, thanks to Hyperion, is actually rather uncommon these days. Once again, scale matters. Culling down cheaters to a few thousand on Windows is a huge success in our books.
Currently, Android is the go-to platform for cheating, so a lot of observed cheating is most likely committed by Android users or folks using emulators. Needless to say, we are focusing our efforts right now on Android and Android emulators.
how do exploit developers even slip up like this lol? even if roblox does take action for this, it will be short-lived and likely would’ve been redundant in the future, regardless if it was implemented or not.
It’s not even really a new ‘slip up’, executors have been leaking errors like this forever. It’s just that they see no real need to patch it because Roblox simply chooses to not take action.
Please read carefully what I wrote. From a Roblox user’s view, the issues seem easy to solve. However, for an organization like Roblox, with a large user base, nothing is as straightforward as it seems at first glance. The number of banned users who clearly exploited, and we have the receipts, yet chose to appeal is rather large and somebody needs to deal with it (one example of many). Scale is always the issue and is what distinguishes a hobby project from a large company.
I have read what you wrote, except it’s not relevant in the context of the OP nor the post I replied to.
“Sadly, it is hard to distinguish if the offending software is just a poorly written tool, some antivirus, or some video recording software”
Can you name a single piece of badware that throws “Coregui.execution” errors to the developer dashboard? Must be some really messy badware if it’s managing to slither itself into the Roblox lua engine. The point of the OP was that these low-quality exploit scripts should be handled better because they’re blatant and interfere with developer debugging. This isn’t a case of badware tampering with Roblox and causing false-positives, it’s a case of obvious injection not being properly handled.
This issue has been reported before as well, with some people not even aware these are exploit errors:
I understand the concern for false positives in ban waves when detecting tampering. I’m aware that Roblox is hesitant to terminate cheaters. But there’s a difference between someone booting up an outdated version of OBS and what OP is describing. If these janky cheats are somehow logging their way into the developer dashboard, then it’s absolutely at the point of needing to be handled better by Roblox.
Like the guy said, it is hard to distinguish between cheats and other programs that trigger the anti cheat. As far as I know, Roblox crashes you if the anti cheat flags a program. I think even things like RivaTuner can cause roblox crashes with the anti cheat.
I was pinged to answer a question that is Hyperion-related, so I answered as well as I could without giving away internal information. The issue of scale applies to the OP’s post too. I also replied to your comment, “Roblox simply chooses not to take action,” which is incorrect.
Is there any way for you to program it so that if some of these obvious errors are tied to a specific username, it automatically bans them from your game?
Otherwise, I’m not even sure why Roblox doesn’t ban them, either they know they’re exploiting and they don’t take any action or their anti-cheat is still underdeveloped
You could intercept errors using the ScriptContext in DataModel, and calling some remote to ban when the error makes no sense, i.e: Can’t access parent of script/script is nil, and you can try to do some work to make it so it must be able to work or something.
I know it sounds easy, we got the user ID of a user, therefore we can simply ban them for their malicious behavior. However, one needs to understand that everything, and I mean everything, that is sent from the client might be compromised. This is the reason we need multiple factors to have higher confidence before we act. Could the evidence shown by the OP be one of these factors I speak of? Sure. Could it be the only factor needed? No way.
Roblox when dealing with exploiters: Well, they could be compromised who knows! Lets investigate for a month before deciding whether they should be banned for 1 day!
Roblox when dealing with developers: That picture of a shovel you uploaded? Our poorly-coded bot has detected harmful content, moving in for a swift ban!
Where was that ‘everything from the client might be compromised!’ approach last month when malicious scripters were able to terminate developers instantly simply by adding a fake GUI to the game and reporting it? Sorry, but this system is just crap as it stands now. The system seems completely backwards. You have numerous automated bots which fail constantly and throw warnings and bans at developers, yet practically nothing exists for cases like the OP where it’s so blatant it’s laughable. I know the stuff with Trust & Safety and how your team wants to terminate these accounts but isn’t allowed, so there’s no need to wear a mask regarding the issue. I can only suggest you appeal to the higher ups and attempt to get this system changed because it’s a joke. Even if it’s not a termination immediately by Roblox, the OP suggests giving developers tools to mitigate it. There is no reason our dashboards should be flooded with this kind of nonsense.
No other game in the world gives a 1-day ban for injecting. EAC, VAC, Vanguard, etc all move to immediate terminations. We know this is what you want too, so please keep up the fight internally as you’re the only representative we have.
Because despite them all having their own, often glaring, issues they’re all either based on objective known information (VAC doing detections based off confirmed known cheats and their injection methods/code) or have far more ability to detect things than Hyperion (Vanguard is literally a rootkit, in very plain and basic English meaning it runs when you press the power button and sees all as if it’s built into Windows itself)
Hyperion won’t let you start your game if a program window has a title starting with x64dbg because it’s a known debugging tool which can very easily be used to inject code (and in turn exploit the game) - It doesn’t care if the program actually is x64dbg or not, it doesn’t care if you aren’t using it in Roblox, it’s just guessing/assuming that you may potentially have something malicious and pre-emptively not letting you in because of it.
Hyperion is very basic and oversensitive because it’s far easier to just assume most stuff is bad than do what VAC does (look at how TF2 and CS2 are going with VAC in use) and it’s a really bad look to use something comparable to literal malware (Vanguard having as much access as it does, regardless of the fact it’s talking to China/Tencent, is genuinely a terrifying idea. Any virus worth its salt these days will do it’s best to be a rootkit, or as close to one as possible)
Because of the basic checks and oversensitivity, Roblox can’t afford to ban anyone it picks up, because of how easy it is to trip by accident.