what about if i, from a server script, call instance.new(“value”), set the parent to the character? in that case its replicated from server to client so there’s no issue right?
1 Like
That would not work, because the client can delete anything in its character. No workarounds. Checks must be placed on the server before calling anything in the client.
1 Like
the client can delete anything in its character, but it will only be deleted for him
1 Like
Anything the hacker deletes in his character is replicated in the server. Stop please
1 Like
CRITICAL EDIT: info on local scripts and module scripts
1 Like
Exploiters can read and delete server scripts if it in player’s character. You can test this in Studio - delete healing script, and you won’t heal anymore.
2 Likes
Ummmm if i have a terrain generation script client sided and a module which contains the property of the terrain, Am I doomed to be copy(I use perlin)
1 Like
Either way your doomed to be copied because hackers can steal anything in workspace, client-sided or not (just server scripts are excluded from this)
1 Like
Exploiters can’t read server scripts in the character, but yeah they can delete it.
2 Likes
Did you try it with an actual exploit? Your command bar or your simple cursor can’t prove it 100%
1 Like
No, i’m not use any exploits. But roblox studio can “simulate” exploits from the client, if you delete something or add new local script.
1 Like
But exploits can do more stuff than just localscripts. Like getrawmetatable, etc.
1 Like
Everybody shush, and read the clientside section, the main section, and the footnotes. It’s all there
1 Like
When a hacker is running saveinstance(), their memory usage increases. If anybody can figure out how to read and use this data, please let me know.
saveinstance() saves a game and decompiles all local/modulescripts and puts them in a nice lil’ folder for mr. hackerman
1 Like
Whatever you do you shouldn’t make memory checks to detect any type of exploit, even if it works for all of them (including scripts in nil and CoreGui). An average exploiter can bypass this very easily by hookfunction, which let’s them easily manipulate methods and make them look different than they actually are. But Stats:GetTotalMemoryUsageMb() exists, if you insist.
1 Like
No. Well not server scripts at least, at most they can steal local and module scripts. That’s why its a good idea to keep module scripts in ServerScriptService because anything in there does not replicate to the client. Same goes for ServerStorage. But the exploit program has to decode the script into something readable by you. From what I remember, Krnl does not have such an ability. Synapse does though (but its a paid program vs the free program known as Krnl).
1 Like
Note, due to developments in the past few months and ROBLOX taking more action against exploiters, the post may be out of date. Revision 3 of the thread coming soon!
2 Likes
Could you actually check with FindFirstChild to see if the ValueBase is there, and if it isn’t, could you kick the player assuming they were hacking, if this script was fully server sided, on ServerScriptService or ServerStorage?
1 Like
Can you use require() on all scripts and local scripts?
Place your scripts in server script service and use the require() service? Will this prevent any hacking mid-game?
2 Likes
Is revision 3 of this post out yet?
1 Like