What hackers can/cant do

Yes, they can, although this won’t replicate to the server meaning that it won’t change for the server. If you want values that should only be accessed by the server, store them in ServerStorage.

2 Likes

If that code is in a Localscript, then yes.

If it’s a Server script, they can’t.

1 Like

Yes, they can, that is why you do these checks on the server where they cannot be spoofed. Try sending a remote event form client to server, then when the server receives the player from the event, you can check the rank from there.

1 Like

Is there any example scripts of this? I’m horrible at remotes.
Edit: I figured it out, feeling very smart.

1 Like

Wanted to let you all know that deleting things in the character is going to be patched soon. They recently added a new property in workspace called RejectCharacterDeletions. Its not active yet though.

@TheShowCaseMaker sorry for ping, but from your post:
“Hackers can view and edit local scripts in a client service (such as StarterPlayer)”
I thought that client side could only see ModuleScripts and LocalScripts, with the exception that hackers can edit and run module scripts (but the server won’t see the values changed in the module script). Perhaps we need some more details for the post (btw, nice job with all the explanations and useful info)?

Technically that’s still correct, they can read the compiled bytecode of LocalScripts and ModuleScripts as well as decompile it. In terms of runtime exploits and changing things, the more specific thing they’re doing is modifying memory and making your variables point to different values.

An exploiter doesn’t directly edit a script but they can run a tampered copy if they render the original copy ineffective or just change certain things in the environment.

2 Likes

is it possible to prevent “instance.new” on the StarterGui? Like deleting them when its added
Because hackers can use exploiting guis like that…

no, also exploiters use CoreGui which is a protected service

Yes, it’s possible to prevent/detect a new gui instance being inserted into the startergui, it’s very useless to do this though as mostly exploiters use CoreGui which can be accessed using hacky methods which are very private.

This should work.

while true do
	game:GetService("RunService").Stepped:Wait(1)
	game.StarterGui.DescendantAdded:Connect(function(T)
		if T:IsA("ScreenGui") then
			warn("new gui added") -- Detect
			T:Destroy() -- Destroy
		end
		task.wait(1)

	end)
end

That will warn when a new screengui is inserted inside startergui or destroy it, if you have other guis which the game adds which I’m assuming you do you need to make a whitelist table of those gui names to make sure that it doesn’t false positive those. Hope that helps! :heart:

1 Like

Wrong, it’s very possible to detect both instances for both services just coregui requires hacky methods.

that is already patched by roblox and syn.protect_gui()

there are no longer methods to detect coregui.

Wrong, there is still methods of detecting coregui just very hacky methods I won’t be elaborating on them.

That’s for coregui not startergui, nobody with the right brains who makes a exploit gui will put it in startergui.

the method you posted publicly was a very outdated method to detect coregui guis.


and running that coregui remover script no longer works.

Once again the script I posted was for StarterGui not CoreGui please learn how to read, if you read what the person said they were asking for a way of detecting when a new screenGui instance is inserted inside of StarterGui.

1 Like

bro i havent logged in to this threat for like 5 months what happened

1 Like

Sorry to bump, but if I had a modulescript that returned some sort of false value at the end would an exploiter be able to get the original module? Kinda like this:

local module = {}

module.coolThingy = 12

return game:GetService("RunService"):IsClient() and {"haha no hax 4 u"} or module
--would an exploiter be able to read the source of the module and find the value of coolThingy?

They can, you won’t be able to deter them like that.

@mhmdsndb3 the post you’re replying to is three months old and has 75 existing answers which cover everything you’ve mentioned.

1 Like

they can change stuff in their character + the stuff they have network ownership to(including npcs like bosses so you have to change their network owner)

dont forget about the nsfw stuff they can run on their characters with their hats :skull:(you can find it on youtube by searching for roblox fe scripts)