To set this up to be somewhat secure, place this into a local script in ReplicatedFirst and have the scripts first line be parenting script to nil. There are other ways to bypass this script but I will not be posting the detections for those here. Enjoy the script.
spawn(function()
while task.wait() do
game:GetService("ContentProvider"):PreloadAsync({game.CoreGui}, function(CoreGuiID, _nil)
if string.find(CoreGuiID, "rbxassetid://") or string.find(CoreGuiID, "rbxasset://DexStorage.rbxm") then
warn("Suspicious UI Detected")
end
end)
If a script like that has been out for a while out like that, some people wouldve told 3ds and he wouldve noticed. There might not be a permanent patch to this as there are still other things you can look for when executing dex.
Thats not entirely true, this method relies on finding a file called “DexStorage.rbxm” but exploiters can just not set the gui in the coregui, they could set it directly to the players gui.
There are also drawing libraries that don’t use GUIs, but instead actually draw things to the client, making them quite literally undetectable. I’ve seen GUIs that rely on this library before and to my knowledge you can’t patch them.
This is already a public method btw, this is nothing new. Also it wont get immediatly “patched”, but exploits can have custom scripts that bypass this.
include this to make sure there are no false detections.
GetService=game.GetService
local GuiService = GetService(game, 'GuiService')
GuiService:SetInspectMenuEnabled(false)
while wait(2) do
GuiService:SetInspectMenuEnabled(false)
end
this script may also flag false detections with backpack items (tool icons)
Ah, that’s why literally nobody uses this script: It’s completely pointless and can be defeated instantly.
Local scripts can have :Destroy() run on them and bam, they no longer work. Doesn’t matter if you parent them to nil or not, as any self respecting exploit has a multitude of ways to get nil instances (the most popular one literally having getnilinstances() which returns a whole table of them.)
for i,v in pairs(getnilinstances()) do
if v:IsA("LocalScript") then
v:Destroy()
end
end
So much for “somewhat secure” considering you shouldn’t be putting stuff in nil anyway.
I worded my first reply poorly because I wasn’t educated on this as much as I thought I was. I’ll take this L and admit I got that part wrong.
However, to get around this (as well as loop parenting it to nil) the user can at the very least just do two task.spawn()s, one which loop parents it to somewhere else and the other which loop attempts to destroy it.
If it does it fast enough, which it likely will at some point, the script will be gone. Sometimes just straight up brute force is an effective method.
Regardless of the pcall, if the client sided kick is disabled you straight up can’t kick client sided. To get around that you need to fire a remote or activate something which can again be disabled/blocked from firing.
Scriptware has a hidden gui function that places it in a protected area that cannot be touched by these types of detections. Synapse currently has a function similar to that, but it doesn’t do the same thing. However, Synapse is gaining this same functionality soon.