Hi everyone knows about exploits,
Common executors inject local scripts into the player, where are these scripts located?
4 Likes
For anti exploits would be in StarterPlayerScripts.
1 Like
depends on where it belongs to
but most of them are in Workspace and ServerScriptService
Most exploits don’t like you seeing their scripts in the game. They either go into a special folder, created by the exploit or they are parented to nil so that you can’t see them but they still run. For UI they mostly go into Player GUI But hold names that would make you think it’s an official roblox UI aspect, which most of it isn’t as all of that is hidden in the Core GUI. (There are still UI’s that are roblox associated in Player Gui.)
4 Likes
They’re probably located in the PlayerGui if the exploit is a gui.
Script executors such as Synapse insert their script to nil. This makes it impossible for you to detect and find the script.
If it is a GUI, then it will be inserted into CoreGui (most likely).
4 Likes
Most of the popular and good ones are parented to nil.
Bad ones to custom folders
Most are located in “NIL”, but sometimes to the StarterPlayerScripts " YouCantEscapeUS_DGL" said,
It’s nearly impossible to check if a script has been executed since most randomise their names. Most good scripts are located in CoreGui, “a safe place to put user interfaces that is hard to detect by game scripts.”
2 Likes
Actually, it is pretty easy to detect them. (Also, Synapse has a function to bypass this)
1 Like
actually no, they inject mostly in the CoreGui so we can’t access it.
1 Like
What if I make a script that only keeps the original Ui’s from startergui and deleted anything thats extra?
3 Likes
The scripts are parented to nil. You can’t find them nor index them for exploiters use metamethods to prevent detection.
This is false. The client has no access to server stuff so they can’t be in ServerScriptService nor ServerStorage. Also if they are anywhere at all, you could detect them. Exploit makers aren’t dumb enough to just put everything a user executes in Workspace waiting for a game developer to detect them and punish them. Because of this, they use the game’s metatable to make the scripts invisible to anyone / undetectable.
So the best way is to just make an anti exploit then, If there was a way to prevent the source we don’t have to do this.
Can roblox detect other apps open? Like detect synapse X for instance?
You cannot detect any third party software because roblox doesn’t give you the resources to and every client sided anti exploit can be bypassed. They usually edit the game’s metatable for when you (for example) check if the player is changing their WalkSpeed, they will use the __index metamethod to return 16 so that your anti exploit doesn’t suspect them.
1 Like
Some exploits don’t even use a LuaSourceContainer at all.
There is no reason to make a anti exploit client-sided as they can disconnect the events, they can even disable/destroy the script.
Secure your RemoteEvents if you have any.
2 Likes
syn.protect_gui? Once, I saw CrystalAC bypass it (someone using remotespy, then getting kicked shortly after).
They just put the GUI in CoreGui, the scripts are still saved in nil
Looking in the replies, I don’t think it’s possible to detect exploits saved in “nil” or whatever, your best option is to secure remote events/functions if you have any, make sure you put important scripts as a server script and not local script since exploiters can easily delete or modify local scripts, and try making an anticheat preventing things like flight, noclip, walkspeed & jump power modification and more.
That’s what I said…
1 Like