Why can't we modify the game metatable or access coregui?

Really nothing else to say here. I would think by being able to access the game’s metatable, we’d be able to patch exploits much easier.

There’s a very simple reason for this and that’s security. Exploiters aren’t the only type of malicious actor: there are many categories of bad actors. Allowing access to internals opens the gateway for malintent much more easily. There’s also a reason why there are already heavy restrictions regarding these right now as it is, such as disallowing developer Guis to render over CoreGuis.

These two items are bad ways to patch exploits anyway. Focus on securing your server, not trying to beat the client on their own machine. Feel free to do that once your server-side is actually secure and can’t be leveraged by exploiters.

Some things can’t be patched on the server such as ESPs. If only a specific set of devs are able to access the game’s metatable and CoreGui then the issue of developers using this feature maliciously would be much rarer.

I agree that a lot of exploits can be prevented on the server, whether that’s by using sanity checks or just simple math. The issue with server checks is that oftentimes it’s hard to tell whether someone is exploiting or simply lagging (fly checks, speed checks, teleport checks). In some games, this is extremely cumbersome due to the vast amount of ways to maneuver (Rogue Lineage is a prime example).

As a result, client anti exploit detections are essential. However, they’re easily bypassable due to our lack of authority in our own games.

Or maybe my anti exploits on the server are just garbage lmao
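
Added example, not part of any post in this thread: one way to keep a server-side speed check from punishing lag, as discussed in the post above, is to give each player a small time budget that a stalled client can spend when it catches up, and to act only on repeated violations. The thresholds, function names and position traces below are assumptions constructed for illustration; on a Roblox server the samples would come from `HumanoidRootPart.Position` and `Humanoid.WalkSpeed`.

```lua
-- Added example: server-side speed check with a lag allowance (token bucket).
-- Plain Lua so the logic can be run anywhere; constants are assumed values.
local TOLERANCE = 1.25     -- slack over WalkSpeed for jitter and physics
local BUDGET_CAP = 2.0     -- max seconds of movement a stalled client may catch up
local STRIKES_TO_FLAG = 3  -- consecutive bad samples before acting

local function newState(x, z)
    return { x = x, z = z, budget = 0, strikes = 0 }
end

-- Evaluates one position sample taken dt seconds after the previous one.
-- Returns "ok", "suspect" or "flag".
local function check(state, x, z, dt, walkSpeed)
    local dx, dz = x - state.x, z - state.z
    local moved = math.sqrt(dx * dx + dz * dz)
    state.x, state.z = x, z
    -- Elapsed time is banked up to a cap, so a client that freezes and then
    -- jumps forward pays for the jump with time it really spent.
    state.budget = math.min(state.budget + dt, BUDGET_CAP)
    local needed = moved / (walkSpeed * TOLERANCE) -- seconds this move costs
    if needed <= state.budget then
        state.budget = state.budget - needed
        state.strikes = 0
        return "ok"
    end
    state.budget = 0
    state.strikes = state.strikes + 1
    return state.strikes >= STRIKES_TO_FLAG and "flag" or "suspect"
end

-- Feeds a trace of X positions (one every 0.5 s, WalkSpeed 16) through check().
local function run(trace)
    local state, last = newState(0, 0), "ok"
    for _, x in ipairs(trace) do
        last = check(state, x, 0, 0.5, 16)
    end
    return last
end

-- Constructed traces, not captured from a real game:
local lagging = { 8, 8, 8, 8, 40, 48 }  -- freezes for 1.5 s, then catches up
local speeding = { 40, 80, 120, 160 }   -- sustained 80 studs per second
print("lagging:", run(lagging))
print("speeding:", run(speeding))
```

A "flag" result is better handled by moving the character back to its last accepted position than by kicking, since the check can still misfire on severe network stalls.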

That doesn’t really make much sense. If you only give the feature to a “specific set of developers”, that makes the whole idea moot to begin with. Unlocking a feature like this means granting everyone with Studio access to a game that kind of ability, which in that respect opens up the gateway for bad actors.

If you can’t patch something from the server, tough luck frankly. That’s not the point I was driving home. Secure your server to prevent it from being leveraged first, then feel free to do something about client-based exploits. Again: fighting the client on their own machine is a battle you won’t win, period. Pushing an update that’s a security vulnerability such as unlocking either of these is not a magic solution to exploits.

Why would it have to be granted to everyone? I understand that server anti exploit measures should be the priority but again, what can be done about exploits like ESPs which cannot be detected on the server at all?

It’s not a magic solution, that’s a given. But what better solution is there to combat these exploits (specifically client-only exploits)?

I agree that “fighting the client on their own machine is a battle you won’t win, period.” But I would think this is because exploits already have much more authority than normal scripts. Look at, for example, Valve’s Anti Cheat or BattlEye: though they are not perfect, they are much better than any anti-exploit we developers implement, and this is due to having full access to the game.

I very clearly explained why and have also addressed the rest of your woes in my responses. Take it or leave it, I’m not going to repeat myself a fourth time.

You are asking why you can’t access internals and I told you that it is for security reasons. There is no other explanation. Roblox is not going to jeopardise game security or access to items you shouldn’t have so you can fight a battle that can’t be won against all kinds of bad actors.

If you can’t catch it from the server, tough luck. Feel free to try something on the client but the headache of maintaining that is up to you and no one else. Hide it in your game code or do whatever, that much is up to you. If your client-side anti exploit fails, again, tough luck.

There’s little comparison between Roblox games and other games. Roblox is a platform within which its games are sandboxed. Other games write everything from zero up. That’s excluding any engine that they may use, for which the terms of use are up to the writers of the engine: some are closed source, others are open sourced. Roblox is closed source.

Bro what

You didn’t explain it bruh.

“Unlocking a feature like this means granting everyone with Studio access to a game that kind of ability, which in that respect opens up the gateway for bad actors.”

This is not an explanation at all. Why would they have to grant everyone with Studio access? Please explain because you did not explain it at all in your original post.

I already told you one possible solution to fix these security issues. There’s no need to repeat yourself. Roblox is not going to “jeopardise game security” to all games but I don’t see any reason why not if they allowed some games like Jailbreak or any other trusted game access to the feature.

“Tough luck”? Are you serious bruh. This feature would allow us to patch these exploits.

There is a comparison. My point in comparing Roblox to these other games is to show that by allowing the developers more access to the game, anti exploits can be made much better. There’s no need to allow access to all internals, but the more, the better.

I also realize this post has turned from a question to a suggestion and might need to be moved.

No just doesn’t work as an answer for you, does it? There’s not going to be a circumstance where it turns into a yes. I don’t see the point in arguing it: it’s not happening.

I’ve explained it very clearly. If you wish not to read my posts, then I’m not the one losing out. Roblox will not allow access to these items in live games for SECURITY REASONS. I am highlighting that word because apparently that’s not sufficiently understood here. There have already been many requests to access the CoreGui, which have been turned down respectively. Search those up if you’re interested in a read, I won’t be linking them.

This is an unsubstantiated remark and it’s not a good idea to spread rumours about games like this. No games are given such access to features. Roblox doesn’t give engine leeway to top developers and you don’t have a way to prove this unless you have access to their code, which I doubt you do.

Don’t say something you can’t prove.

I am very serious. Tough luck. Use whatever methods are currently available plus your own code to patch exploits. Secure your server first.

I realise I said I wouldn’t repeat a fourth time, but I ended up doing so. Either way: I’m no longer reading or replying to this thread if you can’t be bothered to read my posts or you can’t take no for an answer, because that’s exactly the kind of response you’re going to get.

Have a good one.