this is common vuln and fixed in most exploits.
valyse autoexe is slower than replicatefirst that mean we can kick them before hooking metamethod
local namecall
xpcall(function() game:xd() end,function() namecall = debug.info(2,"f") end)
while task.wait(.1) do
local Success, Result = pcall(namecall, 0)
if Result:lower():find("valyse") then
-- detected
end
end
Hes reply was edited, when liker originally replied he said “client anti cheat developers be like:” which is really not productive at all.
oh, btw this anti-cheat cant bypass until exploit developer fix
put this simple bypass in valyse autoexe
local old
old = hookfunction(getrawmetatable(game).__namecall, newcclosure(function(self,...)
if typeof(self) ~= "Instance" then return coroutine.yield() end
return old(self,...)
end))
still not work cuz valyse autoexe is very slow (slower than replicate first)
(post deleted by author)
How does some code as simple as this prevent exploits from being used?
I’m genuinely asking out of curiosity because I always believed that anti-exploits in Roblox Lua are usually just bogus and “just secure your remotes and systems”.
Never thought it was possible to actually detect if an exploit program is used from within Lua.
How does this code work? What does debug.info() do?
debug.info is hard to explain here.
u can use for getting information about function
i’m using debug.info to get namecall method function in metatable of instance
and first parameter of namecall is accept instance only, so technically u cant namecall number.
-- syntax error
(0):_()
local number = 0
number:hi() -- error attempt to index number with 'hi' because number does not contain any metamethod even number contain namecall metamethod this still won't work, cuz still not same function
now the point is error will be show like this
-- normal error
namecall(0) -- :Script: invalid argument #1 (Instance expected, got number)
-- valyse attached to roblox
namecall(0) -- :Valyse: invalid argument #1 (Instance expected, got number)
u see the difference right?
sorry for my grammar and poor explanation
please stop leaking detections like this. i had already found this and now it is going to be patched. i wouldnt be surprised if valyse developers are constantly looking for detections.
i think u miss the point that he talking about
not that exploit detections need to be stopped, i am saying that leaking exploit detections need to be stopped
This kinda is a double edged sword.
Because by not showing how to stop exploits, only a select few people would know about it.
If the method is public then everyone knows how to do it but chances also are that exploiters will find how to bypass it eventually.
It’s essentially a trade-off between almost no one knowing how + less likely to be patched OR all devs knowing how to stop it + more likely to be patched soon.
better just to keep it private and let people find the detection on their own if they really want it
Exposures like these would be removed later on either way.
The fact that we on the developer side are more protective about our methods isn’t something to be positive about though.
When a developer searches for a specific detection: no results
When a developer creates a detection: sell/private it
When an exploiter discovers a detection and creates a bypass: post it for free on a forum
When another exploiter/script kiddie stumbles upon a detection and searches for a bypass: quite some resources
Due to this individualism at the game development side, sharing knowledge and improving the preventions are much harder.
I know somebody else asked the same thing but what’s up with debug always used to detect, do all exploits rely on it orr?
nope, there’s debug.info, gcinfo, collectgarbage, memory and more
debug.info is just one of them
How does it work anyway? It returns a number in roblox luau but in exploits it returns something completely different.
nah, gcinfo is returning current garbage amount.
that mean we can check garbage amount is sus or not
Do you think that roblox is planning on fixing this?
The most trivial move Roblox can do to stop these exploits is by blocking the UWP client and remove it from MS Store.
yeah i know like title and it patched.