Sirhurt exploit detector

NERDESINPANG0 · June 17, 2023, 11:59am

That’s correct, you won’t be able to parent it to workspace back as :Destroy has set the RobloxLocked to true.

P.s. This doesn’t apply to exploits, as they run on an elevated identity and can access & change RobloxLocked.

yourcomputerhasdied · June 23, 2023, 3:01pm

Correct me if I’m wrong (which I probably am) but how would you run code to prevent the anti cheat from seeing the printed message before injecting sirhurt? I don’t think you can run code during injection…

TheLikerYT · June 23, 2023, 4:35pm

Literally it was not satire, it used to work till they patched it (someone on v3rmillion posted a thread on this)

Anyways, this Exploit is so good that my CoreGUI detection flags it (they use internal login GUI, very safe)!

TheLikerYT · June 23, 2023, 5:26pm

Please use task.wait() instead of wait, as task.wait is faster at resuming tasks than wait thru the TaskScheduler

bluebxrrybot · June 23, 2023, 5:36pm

Cutsences:

game:GetService("LogService").MessageOut:Connect(function(Message, Type)
    if string.find(Message, "INIT SCRIPT") then
 --  put whatever you want here when detected     
     game.Players.LocalPlayer:Kick("loser")

Who’s going to tell him that the exploit doesn’t openly announce that they’ve executed a script for any developer’s localscript to detect, and that exploiters can block client-sided kicks.

TheRealANDRO · June 23, 2023, 5:55pm

Another one of these posts again, oh well here I go again.

Client-sided anti-cheats can always and will be bypassed, as the exploiter has complete control over their client while the developer has only limited control. I can understand creating anti-cheats on the client to catch skids, but eventually, that will also no longer work.

Instead of making anti-cheats on the client, please focus on creating server-sided ones.
Exploiters cannot access the server therefore it’s safer and more reliable.
Roblox themselves even said that they were working on more ways of preventing exploiters like server-authoritative physics.

dandcx · June 23, 2023, 7:30pm

I don’t know if this message is satire or not

NERDESINPANG0 · June 23, 2023, 8:39pm

I’m well aware that task.wait is better than wait, but it’s just a testing code written in 5 seconds and further optimization of the code isn’t necessarily needed and therefore delays don’t need to be on time.

NERDESINPANG0 · June 23, 2023, 8:43pm

On further note, having client-sided checks are always good when it’s not your only defense of security, it adds an external step for exploiters to deal with while they’re working around your security, also server-sided security isn’t fool-proof and they can be bypassed as there are infinite opportunities when it comes to finding other means to create exploiter scripts, patching exploiting is basically a mouse-and-rat game.

TheRealANDRO · June 24, 2023, 2:14pm

The goal of developers on this is to not stop exploiting altogether as that is impossible. Our goal here is to make their lives as hard as possible and we’re mostly able to do this by implementing server-sided anti-cheats.

Client-sided anti-cheats are not bad, but they’re not hard to bypass as experienced exploiters will easily get through them. This is why I always suggest working on server-sided anti-cheats instead of client-sided ones because it’s a waste of time.

yourcomputerhasdied · June 24, 2023, 2:56pm

How does your coreGUI detection work? I tried to make one but I didn’t have access to anything, not even game.DescendantAdded worked

TheLikerYT · June 24, 2023, 2:58pm

I may sound like a nerd, but let me correct you:

Depends, as most of them are skidded from multiple devforum posts (which are just showcases)
For example, the anticheat I made for Luh Entertainement (L.A.T) is capable of detecting a lot of
scripts and GUIs, and even injections.

The showcase can be found here

TheLikerYT · June 24, 2023, 3:06pm

I sadly, cannot disclose this, as this is a private detection that only few people know how to use

NERDESINPANG0 · June 24, 2023, 6:33pm

Check out my posts on https://devforum.roblox.com/t/client-anticheats-and-why-you-should-avoid-making-one/2436348/15 why developers should create both client and server security systems.

TheLikerYT · June 24, 2023, 6:34pm

Sirhurt actually did that, it’s from a v3rm thread and that’s how I detected it before. Do your research before judging something. Also he clearly states:

He isn’t going to pull out a whole Anti-Exploit (the kick is basically just a placeholder, it should be pretty obvious but okay).

NERDESINPANG0 · June 24, 2023, 6:37pm

step 1: abuse :PreloadAsync
step 2: profit.

TheLikerYT · June 24, 2023, 6:41pm

PreloadAsync lags and has lots of false positives such as a tool in the backpack or just a Roblox notification with a custom icon. I instead use a different method which I am not going to cite.

On another note, PreloadAsync has been bypassed by Synapse and ScriptWare.

NERDESINPANG0 · June 24, 2023, 7:01pm

You can still make it work with Synapse & Script-Ware just fine (I checked personally before Synapse went down, I reported it to Synapse so they can patch it but the exploit has been down since release of Hyperion /shrug), if your code lags and has a lot of false positives, it’s because it’s written faulty and poorly.

TheLikerYT · June 24, 2023, 7:04pm

No, it’s because PreloadAsync actually lags (it preloads 500 images/second depending on your config!!!) Synapse also patched this clearly stating (Approx 2022ish) syn.protect_gui now bypasses PreloadAsync since the method was getting popular.

NERDESINPANG0 · June 24, 2023, 7:07pm

Not every script uses the syn.protect_gui function (cough SCRIPTS WRITTEN FOR FREE EXPLOITS cough), plus manual assignments of CoreGui is still popular and very detectable, and which most retards decide to do anyways. And like I said, you can prevent most of the lag by having checks in place, it’ll still have memory leaks (as you’re using a feature for unintented purposes lulz) but not a ton like many people would code it like.