Valyse Exploit Detection [patched]

this is common vuln and fixed in most exploits.

valyse autoexe is slower than replicatefirst that mean we can kick them before hooking metamethod

local namecall
xpcall(function() game:xd() end,function() namecall = debug.info(2,"f") end)
while task.wait(.1) do
	local Success, Result = pcall(namecall, 0)
	if Result:lower():find("valyse") then
        -- detected
    end
end
21 Likes

Hes reply was edited, when liker originally replied he said “client anti cheat developers be like:” which is really not productive at all.

11 Likes

oh, btw this anti-cheat cant bypass until exploit developer fix

put this simple bypass in valyse autoexe

local old
old = hookfunction(getrawmetatable(game).__namecall, newcclosure(function(self,...)
    if typeof(self) ~= "Instance" then return coroutine.yield() end
    return old(self,...)
end))

still not work cuz valyse autoexe is very slow (slower than replicate first)

10 Likes

(post deleted by author)

7 Likes

How does some code as simple as this prevent exploits from being used?

I’m genuinely asking out of curiosity because I always believed that anti-exploits in Roblox Lua are usually just bogus and “just secure your remotes and systems”.

Never thought it was possible to actually detect if an exploit program is used from within Lua.
How does this code work? What does debug.info() do?

7 Likes

debug.info is hard to explain here.
u can use for getting information about function

more info

i’m using debug.info to get namecall method function in metatable of instance
and first parameter of namecall is accept instance only, so technically u cant namecall number.

-- syntax error
(0):_() 

local number = 0
number:hi() -- error attempt to index number with 'hi' because number does not contain any metamethod even number contain namecall metamethod this still won't work, cuz still not same function

now the point is error will be show like this

-- normal error
namecall(0)  -- :Script: invalid argument #1 (Instance expected, got number)

-- valyse attached to roblox
namecall(0)  -- :Valyse: invalid argument #1 (Instance expected, got number)

u see the difference right?
sorry for my grammar and poor explanation

9 Likes

please stop leaking detections like this. i had already found this and now it is going to be patched. i wouldnt be surprised if valyse developers are constantly looking for detections.

8 Likes

i think u miss the point that he talking about

7 Likes

not that exploit detections need to be stopped, i am saying that leaking exploit detections need to be stopped

10 Likes

This kinda is a double edged sword.

Because by not showing how to stop exploits, only a select few people would know about it.
If the method is public then everyone knows how to do it but chances also are that exploiters will find how to bypass it eventually.

It’s essentially a trade-off between almost no one knowing how + less likely to be patched OR all devs knowing how to stop it + more likely to be patched soon.

7 Likes

better just to keep it private and let people find the detection on their own if they really want it

7 Likes

Exposures like these would be removed later on either way.


The fact that we on the developer side are more protective about our methods isn’t something to be positive about though.

When a developer searches for a specific detection: no results

When a developer creates a detection: sell/private it

When an exploiter discovers a detection and creates a bypass: post it for free on a forum

When another exploiter/script kiddie stumbles upon a detection and searches for a bypass: quite some resources

Due to this individualism at the game development side, sharing knowledge and improving the preventions are much harder.

7 Likes

I know somebody else asked the same thing but what’s up with debug always used to detect, do all exploits rely on it orr?

4 Likes

nope, there’s debug.info, gcinfo, collectgarbage, memory and more
debug.info is just one of them

2 Likes

How does it work anyway? It returns a number in roblox luau but in exploits it returns something completely different.

2 Likes

nah, gcinfo is returning current garbage amount.
that mean we can check garbage amount is sus or not

1 Like

Apparently autoexecute is now faster, it is not slow anymore. can you confirm it? @Megumintx

1 Like

Do you think that roblox is planning on fixing this?

1 Like

The most trivial move Roblox can do to stop these exploits is by blocking the UWP client and remove it from MS Store.

1 Like

yeah i know like title and it patched.