Sirhurt exploit detector

That’s correct, you won’t be able to parent it back to workspace, as :Destroy has set RobloxLocked to true.

P.S. This doesn’t apply to exploits, as they run on an elevated identity and can access & change RobloxLocked.



Correct me if I’m wrong (which I probably am) but how would you run code to prevent the anti cheat from seeing the printed message before injecting sirhurt? I don’t think you can run code during injection…


Literally it was not satire, it used to work till they patched it (someone on v3rmillion posted a thread on this).

Anyways, this exploit is so good that my CoreGUI detection flags it (they use internal login GUI, very safe)!


Please use task.wait() instead of wait, as task.wait is faster at resuming tasks than wait through the TaskScheduler.


Who’s going to tell him that the exploit doesn’t openly announce that they’ve executed a script for any developer’s localscript to detect, and that exploiters can block client-sided kicks?


Another one of these posts again, oh well here I go again.

Client-sided anti-cheats can and always will be bypassed, as the exploiter has complete control over their client while the developer has only limited control. I can understand creating anti-cheats on the client to catch skids, but eventually, that will also no longer work.

Instead of making anti-cheats on the client, please focus on creating server-sided ones.
Exploiters cannot access the server; therefore it’s safer and more reliable.
Roblox themselves even said that they were working on more ways of preventing exploiters like server-authoritative physics.


I don’t know if this message is satire or not.


I’m well aware that task.wait is better than wait, but it’s just testing code written in 5 seconds, and further optimization of the code isn’t necessarily needed and therefore delays don’t need to be on time.


On a further note, having client-sided checks is always good when it’s not your only defense of security: it adds an external step for exploiters to deal with while they’re working around your security. Also, server-sided security isn’t fool-proof and it can be bypassed, as there are infinite opportunities when it comes to finding other means to create exploiter scripts; patching exploiting is basically a mouse-and-rat game.


The goal of developers on this is to not stop exploiting altogether as that is impossible. Our goal here is to make their lives as hard as possible and we’re mostly able to do this by implementing server-sided anti-cheats.

Client-sided anti-cheats are not bad, but they’re not hard to bypass as experienced exploiters will easily get through them. This is why I always suggest working on server-sided anti-cheats instead of client-sided ones because it’s a waste of time.


How does your coreGUI detection work? I tried to make one but I didn’t have access to anything, not even game.DescendantAdded worked.


I may sound like a nerd, but let me correct you:

Depends, as most of them are skidded from multiple devforum posts (which are just showcases).
For example, the anticheat I made for Luh Entertainement (L.A.T) is capable of detecting a lot of scripts and GUIs, and even injections.

The showcase can be found here

Sadly, I cannot disclose this, as this is a private detection that only a few people know how to use.

Check out my posts on why developers should create both client and server security systems.

Sirhurt actually did that, it’s from a v3rm thread and that’s how I detected it before. Do your research before judging something. Also he clearly states:

He isn’t going to pull out a whole Anti-Exploit (the kick is basically just a placeholder, it should be pretty obvious but okay).

step 1: abuse :PreloadAsync
step 2: profit.


PreloadAsync lags and has lots of false positives such as a tool in the backpack or just a Roblox notification with a custom icon. I instead use a different method which I am not going to cite.

On another note, PreloadAsync has been bypassed by Synapse and ScriptWare.

You can still make it work with Synapse & Script-Ware just fine (I checked personally before Synapse went down, I reported it to Synapse so they can patch it but the exploit has been down since release of Hyperion /shrug). If your code lags and has a lot of false positives, it’s because it’s written faultily and poorly.

No, it’s because PreloadAsync actually lags (it preloads 500 images/second depending on your config!!!). Synapse also patched this, clearly stating (approx. 2022ish) that syn.protect_gui now bypasses PreloadAsync since the method was getting popular.

Not every script uses the syn.protect_gui function (cough SCRIPTS WRITTEN FOR FREE EXPLOITS cough), plus manual assignments of CoreGui are still popular and very detectable, and which most retards decide to do anyways. And like I said, you can prevent most of the lag by having checks in place; it’ll still have memory leaks (as you’re using a feature for unintended purposes lulz) but not a ton like many people would code it.