settings().Network.IncomingReplicationLag issue

There’s an exploit script where the player can utilise replication lag to make players on their screen freeze/lag but on other peoples screen, the exploiter is not lagging. Trying to create a patch/detection for this but ran into some issues. This is really annoying and even game breaking for sword tech games because exploiters can reach people from far distances without even lagging on anyones screen.

This is the exploit script

local a = false;
local b = settings();

game:GetService("UserInputService").InputEnded:connect(function(i)
if i.KeyCode == Enum.KeyCode.F3 then
a = not a;
b.Network.IncomingReplicationLag = a and 1000 or 0;
end
end)

This was my local script in StarterCharacterScripts

  • abc is where i send a webhook to a discord channel to log the change with a proxy
  • def is just a print
local network = settings().Network
local rLag = network.IncomingReplicationLag

while wait(5) do
    if rLag > 1 then
        -- abc
    else
        -- def
    end
end

Looked through the forum and devhub for any help/fixes but nothing related to this, also the script I have is in the StarterCharacterScripts section as a LocalScript, but I encountered the same error when just trying to access settings().Network via a ServerScript.

The error code I’m receiving is:
The current identity (2) cannot settings() (lacking permission 1)

Dont trust the client, honestly you probably wont get any other advice in here, so I’ll be the first to say it.

If you want to solve this issue, rather than solving this very specific way of the way the exploit is being conducted, instead solve the root issue, which is how you are verifying player hits. Perhaps create a minimum distance that the player needs to be to do damage (and do this on the server!)

The reason I say this is because there are many other ways to pull this exploit, but more importantly, any counter-measure taken on the client can be disabled very very easily.

As for this very specific issue, this is because the local script is not allowed to have access to this property, there is no way round this. Exploiter’s executors are able to bypass the security thread level, and get access to things you the game developer don’t have access to.

4 Likes

The tech this was used on allows for up to 12 stud reach, so on the server it may be 11.9 and on the exploiters like 1 stud, so it’s not really effective.

Is there no way to access IncomingReplicationLag through a script?

I’m not sure I follow.

And correct there is no way to access IncomingReplicationLag through a script.

1 Like

Alright thanks for the help anyway.