We have made a secure sword as Xnair to avoid SF exploiters.
The Model: Xnair Secure Sword - Roblox
Test Place: Cool Sword - Roblox
4 Likes
Hey I found this post coincidentally but decided to give it a few tests. Although it can handle scaling, it doesn’t appear to handle position changes.
This is the code I used for this test:
tool.Activated:Connect(function()
sword.Position = workspace.Dummy:GetPivot().Position
end)
Which resulted in this
https://i.gyazo.com/210199f2e1b445fb2eb525d5f03f620b.mp4
Maybe you could consider encrypting the handle’s CFrame in object space relative to the Grip. and aligning based on that
3 Likes
If your sword is well scripted, there is no need to do an anti exploit.
You first should not use a remote event to start your server sided code as the “Tool.Activated” also work in server sided script, why wouldn’t use it ?
Also using touched to cast damages is a very bad practice, you should use a raycast or magnitude instead (in a script using ToolActivated), which is a lot better overall.
I will focus on fixing vulnerabilities.
I’ve fixed some vulnerabilities, you can test it on the place. Also @Lauri9 currently I did not made any fix to your code because it’s very obvious that it is an exploit.
Makes sense although thats only how it looks on the client doing it. On the server it would look like the person is just swinging their sword so they could put a condition where it’d just look like reach.
Fixed another vulnerabilities, currently I’ve decide to obfuscate not only encryption module but also Server and LocalScript to ensure the full security. If you do not trust than you do not have to use it.
(Currently you can only test it on the place, I’ve closed the model temporarily)
read correctly
but english is not my first language so i can’t read correctly
The reply clearly says the model is temporarily closed.
I have reopen the module (I were not expecting those attentions)
- You have to know this version is still exploitable after a hard effort, but all of the exploiters have to update their scripts. So this will probably be best solution for a long while.
1 Like
I have updated the Enigma module, now it’s more safe and configurable. You can also use the module for securing any melee tech.
This is useless, I’ve been in the exploiting scene for a while (say what you want about me and my client anti-exploits), but this is just not needed.
If your code you’re sword with a decent raycast system and 2-magnitude check’s from the Server this just won’t be needed.
HOWEVER
I do appreciate you trying to help and or contribute to fixing the growing exploiting problem on Roblox.
2 Likes
Hey just thought I would let you know that security through obscurity is not really a good idea. I was able to recover what I believe to be the source (with some modifications for clarity) in <1 hour, and I did that mostly manually.
Also if you were going to think about trusting the client in any form you should implement a handshake between the client and server. I personally would highly recommend not trusting the client with anything remotely important at all, in this case information about where things are. This can lead to issues in the future for people using this resource.
Since both functions are exposed an exploiter could theoretically deobfuscate and figure out what the functions do or require the module get the function and tamper with the values being sent and they would only need to understand what is being passed into and returned from the “Serialize” function without even needing to deobfuscate the source.
3 Likes
Let’s also make it clear obfuscation is against Roblox’s TOS.
1 Like
This sword is pointless bloat, just branded junk if im real. all you have to do to fix this is check if theya re touching on server, no need for this entire post
1 Like
Pretty sure that the only time it is against Roblox TOS is when uploading it onto the marketplace. Which I will agree in this case it is against TOS and would allow a model / package / plugin to be removed. If it’s within your game and you didn’t directly upload it to the site for others to use you should be fine.
1 Like
I’ve just meshed the code with my own hands.