Sirhurt exploit detector

yusatial · June 17, 2023, 11:41am

Auto-exec exists and the simple bypass I’ve wrotten works with Sirhurt, tested.

yusatial · June 17, 2023, 11:42am

Disconnect the existing connections? Parenting to nil is just :Remove and :Destroy is completely different.

shadowmaster940 · June 17, 2023, 11:44am

Remove and Destroy are the same thing they both parent the instance and all of its children/descendants to nil

yusatial · June 17, 2023, 11:46am

It isn’t, :Remove only parents the instance and its children to nil, and :Destroy does that + disconnects all connections, and sets the RobloxLocked to true to prevent recovery.

shadowmaster940 · June 17, 2023, 11:49am

Wdym prevent recovery? Like this:

local a = Instance.new("Part")
a.Parent = workspace

a:Destroy()

a.Parent = workspace

lnconcinnity · June 17, 2023, 11:53am

Indexing Parent will cause an error; that’s what they meant of “preventing recovery”.

shadowmaster940 · June 17, 2023, 11:55am

Are you sure? I haven’t had access to a laptop in a few months due to mine breaking but last time i tried to delete my character and bring it back it worked unless something has changed about destroy recently

yusatial · June 17, 2023, 11:59am

That’s correct, you won’t be able to parent it to workspace back as :Destroy has set the RobloxLocked to true.

P.s. This doesn’t apply to exploits, as they run on an elevated identity and can access & change RobloxLocked.

yourcomputerhasdied · June 23, 2023, 3:01pm

Correct me if I’m wrong (which I probably am) but how would you run code to prevent the anti cheat from seeing the printed message before injecting sirhurt? I don’t think you can run code during injection…

HexadecimalLiker · June 23, 2023, 4:35pm

Literally it was not satire, it used to work till they patched it (someone on v3rmillion posted a thread on this)

Anyways, this Exploit is so good that my CoreGUI detection flags it (they use internal login GUI, very safe)!

HexadecimalLiker · June 23, 2023, 5:26pm

Please use task.wait() instead of wait, as task.wait is faster at resuming tasks than wait thru the TaskScheduler

bluebxrrybot · June 23, 2023, 5:36pm

Cutsences:

game:GetService("LogService").MessageOut:Connect(function(Message, Type)
    if string.find(Message, "INIT SCRIPT") then
 --  put whatever you want here when detected     
     game.Players.LocalPlayer:Kick("loser")

Who’s going to tell him that the exploit doesn’t openly announce that they’ve executed a script for any developer’s localscript to detect, and that exploiters can block client-sided kicks.

TheRealANDRO · June 23, 2023, 5:55pm

Another one of these posts again, oh well here I go again.

Client-sided anti-cheats can always and will be bypassed, as the exploiter has complete control over their client while the developer has only limited control. I can understand creating anti-cheats on the client to catch skids, but eventually, that will also no longer work.

Instead of making anti-cheats on the client, please focus on creating server-sided ones.
Exploiters cannot access the server therefore it’s safer and more reliable.
Roblox themselves even said that they were working on more ways of preventing exploiters like server-authoritative physics.

legs_v · June 23, 2023, 7:30pm

I don’t know if this message is satire or not

yusatial · June 23, 2023, 8:39pm

I’m well aware that task.wait is better than wait, but it’s just a testing code written in 5 seconds and further optimization of the code isn’t necessarily needed and therefore delays don’t need to be on time.

yusatial · June 23, 2023, 8:43pm

On further note, having client-sided checks are always good when it’s not your only defense of security, it adds an external step for exploiters to deal with while they’re working around your security, also server-sided security isn’t fool-proof and they can be bypassed as there are infinite opportunities when it comes to finding other means to create exploiter scripts, patching exploiting is basically a mouse-and-rat game.

TheRealANDRO · June 24, 2023, 2:14pm

The goal of developers on this is to not stop exploiting altogether as that is impossible. Our goal here is to make their lives as hard as possible and we’re mostly able to do this by implementing server-sided anti-cheats.

Client-sided anti-cheats are not bad, but they’re not hard to bypass as experienced exploiters will easily get through them. This is why I always suggest working on server-sided anti-cheats instead of client-sided ones because it’s a waste of time.

yourcomputerhasdied · June 24, 2023, 2:56pm

How does your coreGUI detection work? I tried to make one but I didn’t have access to anything, not even game.DescendantAdded worked

HexadecimalLiker · June 24, 2023, 2:58pm

I may sound like a nerd, but let me correct you:

Depends, as most of them are skidded from multiple devforum posts (which are just showcases)
For example, the anticheat I made for Luh Entertainement (L.A.T) is capable of detecting a lot of
scripts and GUIs, and even injections.

The showcase can be found here

HexadecimalLiker · June 24, 2023, 3:06pm

I sadly, cannot disclose this, as this is a private detection that only few people know how to use