[WORKING] How to detect DEX Explorer

fortunately, the people who made this cheat to steal data from various games forgot to protect against light detection for the presence of strange new guis in PlayerGui or StarterGui.

here is a script that detects ALL versions of DEX (probably)

script:

local function generateRandomString(length)
	local characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+[]{}|;:,.<>?"
	local result = ""

	for i = 1, length do
		local randomIndex = math.random(1, #characters)
		result = result .. characters:sub(randomIndex, randomIndex)
	end

	return result
end

for _, i in pairs(game:GetDescendants()) do
	local new = Instance.new("StringValue")
	new.Name = "TweenInfo"
	new.Value = generateRandomString(30)
end

local script:

game.DescendantAdded:Connect(function(sus)
       if not sus:FindFirstChild("TweenInfo") then
             game.Players.LocalPlayer:Kick("u very sus")
       end
end)
  • this works with all “cheats”, so to speak, that have not protected their code from detection
2 Likes

This is cool and all, but the bad thing is Dex will most likely patch this in the next few weeks. You get two coefficients tho :coefficients: :coefficients:

3 Likes

What if I call Instance.new for, say, server projectiles?

1 Like

the old dex without any protection is widely known, but it is not fixed - because all the sites are filled with their old parenting methods, which are easily detected. :man_shrugging:

debounce the script that detects for 0.001 seconds so that the server script has time to whitelist it by creating this TweenInfo, or don’t use Instance.new(), instead make your own templates that will be in ServerStorage (I may make a mistake in the text, I’m from another region)

did you forget to parent it?
also, i still dont understand this, like findfirstchild in dex should have also gotten tweeninfo

already know, i making better version

1 Like

exploits have built in function like protect_gui() and gethui() what is designed to keep the gui hidden and secure also even if this worked people can just decompile entire game by calling saveinstance() function

this is understandable, but not with everyone, just like with DEX

Hate to break it to you but you can easily detect those.

Besides, protect_gui is a Synapse only function, which doesn’t exist anymore.

its waste of time because it would eventually get bypassed you should be focusing on adding new features and adding server checks

ok, but in this article I meant how to protect your project from DEX and other scripts that are easy to detect for beginners and another developers

it wont work on actual executors like mobile executors and ones that are stable but thanks for the contribution

Your argument is flawed – you can detect it as easily as they can patch it; you just need to be skilled enough have an understanding of the Roblox Engine.

Prime example is the Delta devs failing to unpatch their executor from Da Hood due to their sheer incompetence.

3 Likes

and they can unpatch easily too because everything done on client can be exploited exploiters can also hook functions,decompile scripts disable connections and etc

when working on a experience you have to make a choice

a. work on actual content & improve player base experience
b. focus on detecting roblox exploits (something that will eventually get bypassed)

my point is instead of focusing on preventing exploits you should be working on actual content especially since the exploiting community died take roblox bedwars as example they still have exploiters but they are still on the front page with 45 k concurrent players as of right now

The mainstream mobile executors tend to be in general very lacking in terms of functionality, which naturally also means they also tend to be rendered unusable / detected pretty easily by an experienced developer. Your baseless claims do not prove how mobile executors do prevent the detection from working successfully.

because most of the time the exploit scripts are the one that bypass the detection by doing hooking

Those functions you cited are sadly extremely detectable, and can be mostly rendered useless if not preventable at all. For hookfunction, simple stack frame or cl info checks will reveal a function being detoured pretty easily, as theres no way to fully prevent the bypasses to these checks from being detected, and will rather result in additional detection vectors. As for connections, things tend to be trickier, but you should know as an informed developer that client-sided connections aren’t ideal to detect exploiters, as they can be trivially disabled, and should only be used as another layer of security against skids. Finally, decompiling can easily be stopped by obfuscating scripts, or using flaws in a decompiler where certain parts of the code / closures won’t be decompiled, although the former will usually be better.

Demonstrate a video showing that this works

1 Like

of course it will, but I’m developing a more reliable detection system so it will have to wait a bit