The cheats Vanguard and VAC have to deal with are on a completely different level. Trying to detect tiny aimbots reading memory and spoofing mouse movements is a completely different task than detecting script executors which let people inject all types of nonsensical code into the engine. Roblox cheats are very blatant comparatively, which is why every single relevant one has been picked up in a ban wave so far. As mentioned above, developers can detect this stuff with error logging and ScriptContext, but it still makes its way up the pipe into the error dashboard. And the argument we’re making is that there should be better handling of this stuff on Roblox’s end, because it’s beyond the point of stealth-detection measures. Stuff like this should be handled in tiers, where blatant things like what OP describes are dealt with immediately while other cases, like what Bitdancer describes as badware, should have more careful consideration.
Additionally, for what it’s worth, the opinions shared publicly by members of Roblox’s security team disagree with your conclusion that Vanguard is a Chinese rootkit.
System software engineer here. Are there plans to or actual negotiations with Google about the Google Store policies that prevent Hyperion from being applied to the Android client? Considering the scale of the platform and the millions of users, I would imagine Roblox Corp would have a little bit of clout in negotiating an exemption to Google Store policy. However, even though Android is published by Google, Google isn’t the only Android-based platform with a store out there. I have the Roblox client on my Amazon Kindle as well (as you may or may not be aware of).
In both cases, you are not required to load apps from the store. Just download/transfer an APK file over to the device and install it. You do have to do a few things though before it will let you, but it’s doable. I’ve done it myself with Android apps that I’ve written. The biggest difference between Windows and Android is that Windows has security as an afterthought. I’ve been around for quite a while and remember all the very spectacular security breaches back when Windows XP was king. Android, being based on the Linux kernel, and therefore under the Unix umbrella, is inherently more secure than Windows.
The reason why Roblox is not seeing much on Apple iOS devices is due to Apple security, which is actually quite good. The iOS and Mac OS X kernels are based on the Mach kernel from the NeXTSTEP operating system. The Mach kernel is based on the BSD kernel which I am very familiar with (I run FreeBSD servers at home with custom software that I wrote). NeXTSTEP was developed by NeXT Computer which was founded by Steve Jobs after he was forced out of Apple Computer in the late 1980s early 1990s. When Steve Jobs came back to Apple in the mid to late 1990s, he brought all that with him and folded NeXT Computer into Apple. Back on topic, Apple security is tighter than a drum because you can only install apps from the Apple App Store. Therefore, you have to jailbreak the device which is not easy. Apple patches security holes regarding this faster than [insert metaphor activity here]. Apple security isn’t based on just software, it’s also hardware where there are device-specific SSL certificates stored in places in the device that only the CPU can access under very specific conditions. Furthermore, all software has to be digitally signed. Android does not have these requirements, so that’s why this is becoming an issue on Android.
The part of Apple storing certs is in every modern phone or computer, they will always have a hardware keystore. Apple’s security comes at the cost of user freedom, and because of that they have to change it to continue working in the EU, and you don’t necessarily need to jailbreak to install modified apps outside the App Store, you can use other methods that are jailbreak-less. The kernel something is based on is truly not that significant, and it’s not going to change the world at all. Exploiting is possible because in a device a user has theoretical control over, anything can be done. In Android you don’t need to have root to mod apps, just install it unofficially, but if you want to use root, you can use a Magisk Module or an LSPosed module to patch the game as you boot, for example. They’re all valid strategies. Apple patches Jailbreak because, essentially, it’s a Kernel-level unsigned code execution exploit, Android doesn’t have to, because you can unlock your Bootloader, which makes you fail integrity checks with Play Protect and other validation systems, as your keystore says your Bootloader is unlocked. Most rooted users modify it by making the device pass the BASIC test, yet not the hardware-backed test, which basically means it doesn’t use the device’s keystore. Basic is probably going to be removed at some point, and that would probably lead to rooting being even less popular than it already is, because aside from trying to hide root from apps, you have to hide it from Google Play to use some apps. You shouldn’t recommend Roblox to go off-store, it limits visibility a ton and it’s a terrible approach to things, I’m not a software engineer anyway, so what say may I have…
While this post seems to be becoming a pretty heated debate, I do think both sides have some valid points.
In my own games I don’t ban blatant cheaters, because the game performs better in the algorithm when everyone, even cheaters, is allowed to play. Instead I send cheaters to purgatory/cheat-only servers.
I do want to ask why running an executor can’t be the only factor when determining a ban? Isn’t that the most blatant and obvious breach of ToS that affects Roblox, its developers, and its community all in one blatantly harmful action??? With the captchas removed and account creation at an all time high for accessibility, why isn’t being a little more aggressive towards cheating on the table?
Lastly if banning these users, or banning them in a timely manner is something Roblox is unwilling to do, would a better solution be just exposing some of the collected data to the developers? I don’t mind using evidence of injection as the only factor in determining whether a cheat occurs and taking immediate action.
Anti-cheat/anti-tamper software is very platform-specific. Hyperion, in its current form, cannot be simply ported to other platforms. We have been working for quite some time on an Android-specific solution, and public announcements regarding Android exploit prevention will be made soon.
Where is that policy for literally every other instance of ‘moderation’ this company does, including the chat filter, asset uploading, and every other form of report that is handled by a poorly coded bot? Why is it that the most blatant offenders get a free pass yet the people actually developing and playing fairly are constantly bonked over the head by automod? I could understand this policy for terminations, but you don’t even do that. All this red-tape just for a 1-day ban which Roblox is happy to hand out whenever you upload a picture the automod doesn’t like.
An entire detection system that just sits there unused because of fears of impacting the MAU.
Your team does good work, it’s unfortunate that the rest of the company doesn’t seem to care.
These are all valid questions, and who knows, maybe I share your frustration. Having said that, I have given as much information on the topic as I can, perhaps even more than I should have. Thanks for keeping the topic lively, but at this point, I can’t contribute to it any further.
Thank you for replying. Hopefully the concerns OP raises are eventually looked into and addressed, and hopefully we eventually get proper server authoritative systems so all this can be behind us. Roblox is a very promising platform, but there are so many frustrating decisions that make it difficult to develop seriously on it.
I never recommended Roblox to go off store. What I asked/suggested was if Roblox is in negotiations with Google about gaining an exception to store policy so that Hyperion can be included in the Google Play Store client. Furthermore, Google isn’t the only Android play store. Amazon has one too for their Kindle devices.
That goes without saying. That type of software must be tailored to the workings of the platform. Under the hood Windows and Linux are very different. For desktop software, there are compatibility layers like Cygwin where you can compile Unix source on Windows and have it run on Windows. It converts Unix system calls to Windows system calls.
It’s good to know that development has proceeded on the Android anti-cheat. The question then becomes how to really enforce it. Android allows one, with the right tools, to package any installed app as an APK which can be downloaded to a desktop computer. After that, I do not need to say what happens after that. I have heard about some hacked Windows clients where they disabled Hyperion, and added code to take out the Roblox servers, but there are some serious risks with that.
It is very simple: they don’t get banned; they are playing Roblox on the LIVE channel that does not have Byfron. The recently released executor Solara requires Bloxstrap for it to run, and Bloxstrap runs on the LIVE channel.
LIVE has had Hyperion since around May 2023? They only use Bloxstrap because they see it as a way to downgrade if they see they got switched to a different channel other than LIVE.
There are lots of exploiters in Rate My Avatar. They do not get banned.
They also bypass the chat tags and they use anti chat loggers…
That prevents their logs from being visible to Staff/Roblox, making it impossible to get banned.
If they prevent their logs, reporting wouldn’t work on them. Edit: They also use infinite yield/infinite yield reborn… And they still do not get banned.
You can already detect this yourself. Check out ScriptContext.Error: this event will fire whenever an error happens and it tells you what script it is from, so you can easily detect if the script was injected by an executor or not.
There are also more account deleted messages than just this one as well. Account terminations do happen from Hyperion ban waves but they’re uncommon as there is a shortage of working exploiting software to where it’s hard to get enough bans to get terminated.
If you’re talking about the window title crashes then Bitdancer already said something about that. I can’t find the post anymore but he essentially said that those types of “detections” are the first line of defense. You wouldn’t want to get banned for having a window that says “x64dbg”, would you? I believe it’s only there to shake off the few who have no idea what they’re doing.
There is only so much server authority can do, especially on a platform that has tons of UGC games:
Doesn’t Roblox ban plenty of non-malicious software? If you ever run Procmon (which just monitors registry accesses), then even once it’s fully closed, you can never start Roblox again until you reboot your whole computer. This is supposedly because Procmon loads a kernel driver that cannot be unloaded, but that still doesn’t explain why it’s banned. It was implied to me in prior communication that it’s only banned because Hyperion came with a blacklist when it was first acquired by Roblox, but I was also told that there are no plans to remove Procmon from the blacklist.
No, we don’t ban based on badware. Hyperion might induce a crash because of badware, but that doesn’t mean one gets banned. If Hyperion doesn’t crash, then detection kicks in, and we ban based on detections.
TL;DR: Badware crashes the client. Software circumventing Hyperion gets the user banned.