It’s sadly impossible, because client side anti-cheat can be simply removed by exploiter
You should consider writing safer code, and if you really need anti cheat for stuff such as flying vechilces or speed hacks, check every few seconds if values are too big and try to correct them, remember that you don’t want to remove cheaters, you want to nerf them, this is the best way to do this
no, because this another script also can be removed or disabled
Server scripts don’t know what happens on client, soo cheater can do whatever he wants, client-sided anticheats are great if exploit is pretty much not important, for instance speed hacks in clicker where you click coins have no real advantage over normal player
Nope all of you are wrong here. You can use a server to client to server model that detects when the exploiter deletes or disables the local script by repeatedly sending information to the client which then has to be passed back to the server. I don’t recommend anti cheat at all though. Performance and quality will always be #1 and games that are prioritizing those two things become so popular that the sheer volume of players outnumbers exploiters entirely. It used to be atrocious when ro searching was a thing and exploiters could select who they want to target but that no longer exists. Reject character deletions also exists now so most of the really bad stuff is gone
Lol that was a nice try but fortunately this model is a lot more complex than that. Good luck using a remote spy to find out that you have to guess the exact integer from the server every single time between 0 and 2,147,483,647.
Side note: You can make it encrypted and even worse than that, but let’s leave it to them to try and play guessing games… only to get kicked
how do you plan to send data to the client? Any way, exploiters can intercept it and literally just send it back as the server wants it, whether that be by adding a connection to RemoteEvent.OnClientEvent or by hooking Remote.FireServer, retrieving the data, passing it on, and then gathering that data to figure out an encoding pattern of some kind.
Also, what about laggy players who have more latency? How will the server distunguish between lag and overall not sending the data (a compromised anticheat)?
There’s no point giving me a “file to test myself”. Studio has nowhere near as much access to tools as exploiters have, you’re just trying to trick me into thinking I’m wrong.
Your system has many flaws. It’s impossible to make a perfect client anticheat. So, no, when you said that we were all wrong, we weren’t. We were just covering different aspects which you clearly haven’t considered.
All it takes is one exploiter to get past it, one exploiter to get that seed you use for two pseudorandom generators, one exploiter to get the encryption method on that remote, and then it’s all gone.
Anything on clients can be cheated. Anything. Users have full control over their computer, and by extension full control over the code you gave them to run as well. So all I have to do is find the functions you use to handle remote events and use those, or in a script of my own copy it and delete your script and replace all the connections with mine in one go. It is impossible to stop that from the client only since I can just use/edit your protections. The only security is server sided only. (Like make sure that messages only come when expected or that players can actually do what they claimed)
Sending a place file is not going to help much. Studio doesn’t have the tools that cheaters have so you might not be able to break it in studio with a place that is already running. The closest you can come to simulating cheating tools is just making any changes to client sided scripts you want before hitting play. It’s not a perfect comparison, but the hacking tools are against tos to use and so the place file won’t really help.
(Basically all I have to do is load your encryption stuff the exact same way you do and then I can just use it and share my solution with others)
Oh really? Then why don’t you just exploit clash royale and make $1000’s on the black market selling clash royale accounts? Oh wait that’s because clash royale is hard coded in C language and good luck trying to decrypt all the functions of a game made in C
I’m not trying to trick anyone here. But hey by all means keep those beliefs that exploiters are these all powerful beings, you’re feeding their ego really nicely. And don’t be fooled by my message to that guy about C language, Lua can also be encrypted and everything in Roblox can be anti cheated. But it will just ruin your overall game quality, performance, and design, therefore I personally could care less about anti cheat because I think it’s a waste of time since exploiters are like little tiny fish in a pool with sharks and whales.
I wholly agree. But any anticheat should be server based if you don’t want it bypassed. This post is about a client sided anticheat which is not secure at all. Efforts are better spent doing server sided validation to minimize cheaters effects on actual players.
100% I agree. You might as well do it on the server if you plan on doing any anti cheat at all. The model I explained to use would work perfectly against exploiters who copy and paste scripts off of youtube and don’t have a clue how to code whatsoever. Don’t think there isn’t ways to do it on the client though because there definitely is but it would take many hours setting it up(you can shorten this depending on how good you are at tricking them), time that should’ve been spent on the game, not worrying about cheats. It’s not ideal on Roblox either. Obviously other platforms have more secure options than Roblox provides.
