Take Phantom Forces for example. This is ironically a bad example because Phantom Forces sort of gives the killed player insight into the camera of the player who killed them, so if they killed someone shortly after you you’d see it spaz a bit. But imagine it didn’t. A consistent shooting pattern would be hardly perceptible if the server doesn’t give you a lot of insight into the what the player’s camera is looking at. Furthermore, if the player is using a gun with a lot of recoil (AK47 or M60 for my PF homebodies) any aimbot built on randomizing body part locations is further hidden because the excuse “it’s the recoil throwing my shots over the body” becomes increasingly valid.
Moreover, (and riding with the Phantom Forces example a little further) consistency as a detection method works well in games where recoil is noticeably difficult to control (CS:GO) and/or a very new FPS game that does not have people well versed in controlling the guns. Phantom Forces has a competitive scene with teams that practice, queue up community matchmaking servers, and have an extremely in-depth knowledge of the games inner mechanics for players who have never seen the source code (simply because of play time). As a result, with more experienced players in servers coupled with a game that has manageable recoil on their weapons, consistency can be hard to use as metric for detecting or generating suspicion of aimbot.
To reply to a point @Tyanarus just made, human moderators have their limitations too. Continuing to roll with Phantom Forces (if anyone can’t tell I’m a big fan of that game) players in the competitive scene of that game (or just very highly skilled players in general) are known for very frequently getting kicked from games (because they do things that look like exploiting i.e. shooting through walls, headshot consistency, high kill games (166 kills in just this round - https://www.youtube.com/watch?v=aTcws5dGJH4), etc. That’s not to say it’s entirely ineffective, but there are many false positives that come with a system like this.
As soon as a player kills someone, position an invisible, fake character behind the player’s camera / character instantly and if they turn around and shoot the invisible, fake character within 0.1 seconds, kick them with a “You have lost connection” message. They will either fall for the same trap again or think that the aimbot is broken and complain to the person who made it.
Hey you shouldn’t do checks like these. If player constantly moves around, the shot sometimes hit the same part but different position. I experienced this issue while playing Knife Ability Test (KAT). In my scenario, most of the aimbot’s work like locking camera in FPS. When player moves fast (like : jump or boost) they cursor of exploiter follows it but it doesn’t accurately synced with body position. But a fact is the exploiter’s cursor moves the same way as the players targeted body parts move. Now it’s a issue how to merge cursor position(Udim2) and bodyposition(CFrame). If you somehow get the Udim2 value of player’s body position and keep checking if cursor is moving exactly the same way with body parts position, then it can be prevented I guess. I think roblox should do something like this. So FPS games won’t be suffering from aimbot issues! Hope this helped. Thanks!
Just to point out that aimbot scripts these days have improved a ton and it doesn’t just hit at the same part on the same position. I’ve scripted one personally (for private reasons and uses.)
Issue 1 and 2 would never work; no matter if it has a spread mechanic or not. The way I script it (and the other “updated, better” aimbot programs) is that it moves your mouse with a certain sensitivity. So unless that the exploiter’s going really blatant by making the sensitivity 0 (which people never do because it also might break your mouse), you can never detect Issue 1 and 2.
Look closely; it’s not a very obvious aimbot but it is infact an aimbot.
note: this script can work in both 3rd person and first person shooters.
note2: Not every aimbot is scripted my way, I’m just saying that your theories might work on the low-tier badly scripted aimbots but yes; the aimbot scripts is growing.
I feel like this is a great idea and people could use this to prevent most aimbot and aimlocks. But the thing is most paid developers that provide premium scripts could easily find a workaround over this.
In my theory we could make it check if it was the same player and see if they hit directly onto the position of the part as there is a slim chance a real player would be able to hit directly onto the position of a part.
If the solution were this easy you wouldn’t see that many cheats available and working in basically every tripple A online shooter title. There is a huge multi-million dollar industry behind detecting cheats and they are all fighting the same issue.
Be aware you are engaging in a cat and mouse game. You find a method and it will only take some amount of time before someone bypasses it again. There is no ultimate solution.
I wish ROBLOX would take a harder stance on these paid for (as in someone is making money off of them) exploits/cheats as that would certainly be a better approach than all the affected developers having to come up with hacky solutions to this problem from within an engine that severely hampers them in that regard.
ROBLOX is now big enough of a corporation to scare them off with a legal letter.
Honestly the only way to reliably handle this would be through training AI with real and bots, then after a few hundred thousand iterations, test out it’s effectiveness.
The difficulty is, indeed, trying to create some form of check to highlight some of these, without getting false positives, impacting game experience, and in a realm where such issues are, as you and others have said, got massive companies looking at this. I suppose the aim of this topic is to try highlight ideas or methods to help better protect your game instead of completely protect it.
I suppose the most we can do as developers is create systems that can attempt to block or break the more common, cheap, or lower tier ones. Either migrating those who can afford it to go for paid exploits, or to dissuade the typical “free script kiddy” causing their trouble.
In all though, this discussion is great! I am really happy my first “uber serious” post is having traction.
Intriguing, didn’t think of this. I suppose if you create the rules for the camera, if it behaves inorganically then there’s clearly some foolery around!
Unfortunately, this would be easily bypassed. The aimbot method your talking about is called silent aim, and it requires highjacking remotes, and making the hitpart / hitposition the target players head. This makes it very easy to just multiply a number to make it look legit. They also have to be made specially for different games, so they would take in account the anti cheat.
Normal Aimbots usually have ways to make to make it look like they they are legit, and usually won’t hit the same position everytime, because it follows the player rather than snapping to the head.
Ontop of that, you have to take in account that usually players are MOVING, so this makes scripting this pretty hard.
So I was eating my egg fried rice, and ended up almost choking when this brain nugget hit me like a meteor.
With first person games, if you have to point towards another player, wouldn’t it be simple to do server side checks from the torso/head’s CFrame towards the Y and Z axis of another part? Rarely would you be able to hit the exact direction of the part relative to your character, so perhaps a sanity check to see if it happens say, 10 times in a row for 10 parts, by the server, could flag an aimbot for first person?
its stopped every aimbot I’ve tested on it