Universal Executor Detection [Mac, Windows, Android]

Yes, you are free to test it yourself in the game i have linked. This specifically checks the script memory and not the memory itself of the game. I have explained how it works in detail in the thread.

3 Likes

cant exploiters just Destroy the script

2 Likes

You can always protect it by adding security in a VERY important script of your game, that way if they delete that “security” script it will bug their entire game out

.ChildRemoved or nil checking could do it

4 Likes

yes but that still can be bypassed if the exploiter has experience with scripting
they can remove the anticheat part from the script and keep the important stuff and they will probably leak the cheat that they used which means that any exploiter will be able to exploit that

2 Likes

Not really, for example:

First method: Adding this type of security directly into a forked player module, It’s nearly impossible to get rid of it unless they simply destroy their game

Second Method: Adding the security inside of a script that plays a big role in the functionment of the game would solve it

not to forget, the detection he provided kicks you if you are using an executor so they could not really “delete” the script if they cant even access the executor, The methods i’ve listed above are just “IF” the detector is bypassed which could happens and will happen

4 Likes

this is not a scalable solution and is extremely susceptible to human error

if i manged to forget to add a script to the whitelist (we are all humans, we make errors), i will not know because the script will not run in studio, the only time i’d find out is from complaints from players about this anticheat crashing their devices because a script went up by a few kilobytes.

lets not forget that this will also potentially damage my game & reputation as well

my advice to everyone:

please do not treat client-sided anticheats made in luau as the arbiter of truth, this is an example of why you shouldn’t

you do not and will not have access to the OS, so you cannot do much anyways

instead, invest your time into creating strong server authoritative systems, i also believe that roblox is creating their own

6 Likes

This relies on a memory detection which is prone to false flags and should never be used in an actual production game, Roblox memory is too unpredictable for this to be a 100% foolproof detection.

4 Likes

There is a risk involved in everything, and forgetting a script name can happen to anyone. Fortunately, fixing such mistakes doesn’t require a genius (Said case scenario wouldn’t require you to own a cheat as you can test this in a testing game before publishing your update if you truly even care about your game). I believe this detection mechanism will have a significant impact on the exploiting scene, making it more challenging for cheaters to exploit undetected. With this detection in place, there is only one proper way to bypass it, which will make exploiting significantly more inconvenient. This change has the potential to make a substantial difference in the security landscape, at least for a considerable period. In the end, all I see is a sense of discouragement towards detections and a lack of confidence in one’s skills.

FYI, Roblox previously relied on Luau detections to identify the notorious Krampus exploit. Additionally, the random banwaves affecting Android exploits can be attributed to this same reason.

1 Like

I’d like to clarify that labeling this method as simply “memory detection” is subjective and inaccurate, as it doesn’t actually utilize a place’s memory, as I’ve explained in my thread. I’d appreciate it if you could carefully review my thread, where I’ve also addressed the issue of false flags triggered by Roblox’s internal scripts. If you do happen to encounter any false flags, please feel free to reply to this thread and I’ll be happy to patch them.

local Old; Old = hookmetamethod(game, "__namecall", newcclosure(function(...)
  if getnamecallmethod():lower():find("isstudio") then return true end

  return Old(...)
end))

your whole script has been bypassed in 3 lines

5 Likes

it doesn’t utilize it no, but it does monitor it for spikes which are entirely unpredictable, I’ve tested this memory detection years ago and simply having alot of characters resetting at once will trigger it.

And all it would take me to patch it is to remove that line, i do not see a point in your reply. All I see, however, is an attempt by two users on this thread to discourage others and misrepresent the facts, to prevent this solution from reaching a wider audience of developers.

Man your check is a memory check.

I’m not saying this is entirely useless but what I am saying is that this WILL false flag and innocent users will get banned along with this being trivial to bypass even for skids.

1 Like

Even then, this has a bajazillon ways to get bypassed.

for i, v in getgc(true) do
	if typeof(v) ~= "table" then
		continue
	end

	if table.find(v, "CharacterLeanScript") and table.find(v, "Health") and table.find(v, "Animate") then
		print("haha i found u!!!")
	end
end

This is one of them, just grab the table in the gc and add whatever you want to it, trash it, hook table.find or whatever you want; you cannot assume a simple memory check, something trivial to bypass will be useful at the grand scheme of things

1 Like

you have not acknowledged my point about me, or someone literally forgetting to whitelist a script which could happen, it’s a honest mistake that can be made

most people here (including me) test their games in studio, so we literally wouldn’t know at all until it’s too late

FYI, Roblox previously relied on Luau detections to identify the notorious Krampus exploit. Additionally, the random banwaves affecting Android exploits can be attributed to this same reason.

that is highly unlikly because roblox uses byfron, which by the way, uses the windows API to detect cheats, that alone has much more power than any client-sided luau cheat available, including yours.

the fact that people are bypassing your script futher proves that client-sided anticheats made in luau are not effective

There are always ways to bypass anticheats. I still don’t see any point in trying to prove something that is already evident. Even Hyperion has been bypassed multiple times; yet, it’s just a cat-and-mouse game in the end. This detection, however, would definitely impact a day-to-day exploiter’s experience, as they would need to bypass it to even execute scripts normally. Keep in mind that most executors still lack auto-execute and are considerably slower for Android devices, which would make it impossible for them to bypass, as running a script would get you detected.

Sure this will detect exploiters but it will false flag more for innocent players than exploiters, also you’re entirely wrong, no exploit so far has bypassed hyperion entirely. Every single public exploit is detected and everyone who uses them is getting put into a banwave that happens at least twice a month. Simply if one player resets at the right time they can get every other player kicked by your anticheat, like I said I’ve tested this method around a year ago and the result will be the same. I’m not trying to discourage you from creating something that can detect exploits but just don’t release something that is prone to false flagging players.

People achieving script execution should already contradict what you have just said. The true fix lies in preventing the root cause, which is unauthorized script creation. Either way, I’d appreciate it if you wouldn’t trash my thread or mislead people. Someone who is smart enough can take advantage of this detection method and improve it for their own game.

And also FYI. Android does not have Byfron / Hyperion so the banwaves are related to luau detections.

Krampus has lasted months before it was detected, but this does not prove anything. My point still stands: any cheat or Anticheat will be patched with time.

If you can reproduce the false flag of someone resetting “at the right time”, then I’d be more than happy to patch it. As I have already considered it, I have added a proper fix for it.