Everybody shush, and read the clientside section, the main section, and the footnotes. It’s all there

When a hacker is running saveinstance(), their memory usage increases. If anybody can figure out how to read and use this data, please let me know.

saveinstance() saves a game and decompiles all local/modulescripts and puts them in a nice lil’ folder for mr. hackerman

Whatever you do you shouldn’t make memory checks to detect any type of exploit, even if it works for all of them (including scripts in nil and CoreGui). An average exploiter can bypass this very easily by hookfunction, which let’s them easily manipulate methods and make them look different than they actually are. But Stats:GetTotalMemoryUsageMb() exists, if you insist.

No. Well not server scripts at least, at most they can steal local and module scripts. That’s why its a good idea to keep module scripts in ServerScriptService because anything in there does not replicate to the client. Same goes for ServerStorage. But the exploit program has to decode the script into something readable by you. From what I remember, Krnl does not have such an ability. Synapse does though (but its a paid program vs the free program known as Krnl).

Note, due to developments in the past few months and ROBLOX taking more action against exploiters, the post may be out of date. Revision 3 of the thread coming soon!

Could you actually check with FindFirstChild to see if the ValueBase is there, and if it isn’t, could you kick the player assuming they were hacking, if this script was fully server sided, on ServerScriptService or ServerStorage?

Can you use require() on all scripts and local scripts?

Place your scripts in server script service and use the require() service? Will this prevent any hacking mid-game?

Is revision 3 of this post out yet?

it probably never will be out (rip)

The post itself is nice, and it’s good to know what they can’t do.

For any hackers reading this, please read the rest:

Hacking itself is a task of harm and destruction. Though this is Roblox we’re talking about, currently Roblox has taken steps to even sue you for hacking. Please do not hack anymore if you do. Because, according to Information and Communication Technology Act 2006 (Amendment 2009), the offence of hacking carries a 3-7 years prison sentence. The puny-tiny hacks you pull out in Arsenal for just 1 match is going to make you regret your entire life as something like this could seriously happen. I hope this brings an effect on everybody.

(sorry for going out of topic)

Love the good work brothers, keep it up. Much love to all that have contributed to this post.

Nope. They only sue pedos, groomers so far.

and yes, this is a true topic. never put important scripts in the character

Exploiting does not instantly mean it’s a “task of harm and destruction” they also aren’t going to sue you for abusing bugs from Roblox experiences with a external client.

Also HACKING is NOT the same as EXPLOITING. You don’t “hack” on Roblox… You exploit which is basicly abusing bugs to do stuff you can’t normally do as it’s not intented by Roblox or the Experiences creators. Please man before saying stuff about hacking actually find out what the difference is between hacking and exploiting.

Hacking is exploiting, but exploiting isn’t necessarily hacking. If you actually learn pen-testing you’ll realize that everything about ‘hacking’ is just finding open vulnerabilities and exploiting them. Or as you put it, ‘abusing bugs to do stuff you can’t normally do as it’s not intended.’ That’s what hacking is. Exploiting is a more broad term and also includes things like duplication glitches and abusing economy systems in ways that nets you more money than the creator had initially planned on. Don’t say that people don’t hack on Roblox though, that’s just not true. Hackers make up the majority of Roblox exploiters.

???
I hope you’re joking because that makes no sense…

can they change value like IntValue or BoolValue when it’s parented to the player object? where playergui and backpack belong…

Quick question, can exploiters spoof any type of GetRankInGroup checks, I’d assume not, but just to be sure.
Like can they bypass things like: if plr:GetRankInGroup(group) >= 254 then?

Yes, they can, although this won’t replicate to the server meaning that it won’t change for the server. If you want values that should only be accessed by the server, store them in ServerStorage.

If that code is in a Localscript, then yes.

If it’s a Server script, they can’t.

Yes, they can, that is why you do these checks on the server where they cannot be spoofed. Try sending a remote event form client to server, then when the server receives the player from the event, you can check the rank from there.