Basically, an exploit injects a dll inside Roblox, allowing arbitrary code

injection. You can't really detect if someone injects an exploit, but you can
detect what code exploiters inject. Exploits will inject as a localscript and can't
do stuff like destroy parts for the server since FE is enabled
On Roblox, an exploit (known as a cheat in other games) is a third-party program
used to alter the client in order to gain an unfair advantage over others. Exploits
are also used in griefing, and are also used to steal places or models, including
scripts.
Basically, an exploit injects a dll inside Roblox, allowing arbitrary code
injection. You can’t really detect if someone injects an exploit, but you can
detect what code exploiters inject. Exploits will inject as a localscript and can’t
do stuff like destroy parts for the server since FE is enabled. If you want to make
an anti-exploit, you have to put checks on the client, for example, if he has
inserted a gui inside the CoreGui or PlayerGui, then you need to kick him. Also one
tip, never trust the client since you don’t know what malicious stuff they can do.
Also, exploiters usually use scripts that are made by others because they either
don’t know how to script or they don’t want to make one because it will take time,
but these type of scripts are usually stuff to fly, give speed and detectable
stuff. Also, RemoteEvents, always secure them. Smart Exploiters will always fire a
RemoteEvent since it communicates with the server, so put some sort of arguments
the server can decrypt. Hope this helps.
Exploiting Explained: Second Revision
This post is a general information source on common exploiting terminology, tools,
and methods. The formatting is in sections for each specific topic, and is in no
specific order.

If you’re not aware of exploiting by this point, you’ve probably been living under
a rock that the pioneers used to ride for miles. While Roblox is seen as open
grounds for free reign of exploits, this isn’t the case, and I attempt to tackle
this wrong assumption in this post.

The following sections cover common issues often brought up.

Asset Stealing
Filtering Enabled & Exploits
Local Software
Luau and the Future
What has Roblox done?
Final Thoughts
This post is subject to change should any of the information become outdated.
Exploiting Explained: Second Revision
This post is a general information source on common exploiting terminology, tools,
and methods. The formatting is in sections for each specific topic, and is in no
specific order.

If you’re not aware of exploiting by this point, you’ve probably been living under
a rock that the pioneers used to ride for miles. While Roblox is seen as open
grounds for free reign of exploits, this isn’t the case, and I attempt to tackle
this wrong assumption in this post.

The following sections cover common issues often brought up.

Asset Stealing
Filtering Enabled & Exploits
Filtering Enabled & Exploits
A good way to get started is to echo what you always hear: under no circumstances
should you trust the client with authority over your server game logic. When
implementing your RemoteEvent and RemoteFunction code remember to think as the
attacker. Your code should be built around thinking, “if I had absolute control of
my client, what could I send over this bridge to break everything?” Design should
be based around asking the server “can I”, and not telling it “I can”.

Think Offensive
A simple example is a store; ask the server, “can I buy this sword?”, and don’t
tell it, “I can buy this sword.” The server should be the one checking everything
from currency to experience points to levels, since it has the final say in what’s
really happening. You should always be ready for someone on the other side of the
bridge to outsmart you, and make absolutely certain the code you wrote is well
tested for cases like someone throwing a NaN at you or expecting an object and
getting a table that looks like an object.

A really common pitfall is the attempt to “secure” your remotes, or “validate” your
data, and anything that is done client side. As a pro-tip: anything coming from
your client will not be secure. It doesn’t matter how clever your system looks, or
how much time it took you, you’re not the one in control of your client. If it
makes you sleep better at night, the extra headache is okay, but you should not be
relying on it to ever really work.

Think Defensive
Some exploits don’t actually rely on remote exploitation, but instead in simple
things like Roblox’s rules of replicating properties. You might encounter these
exploits in the form of flying, super jumps, or speed hacking. The issue stems from
the fact that players have physics ownership over their characters for smoothness
and fast feedback, but in turn this gives them the ability to move them anywhere.
You can mitigate these on the server, or add basic checks on the client, but be
sure to remember you can never actually rely on the client.

Stop Thinking
Lastly are maybe some of the peskier exploit types which are just plain local
enhancements. These are usually undetectable via conventional means, if at all. You
might see these in the form of aim-bots, auto-hotkey style scripts, and general
automation of game-play.

Local Software
Luau and the Future
What has Roblox done?
Final Thoughts
This post is subject to change should any of the information become outdated.
Local Software
It’s about time to address software such as Elysian, Synapse, and others which
enable users to execute local code or do other mischievous things. The software in
question tends to fall into a few categories, some more common than others. The
same tips as with the Filtering Enabled & Exploits section apply to mitigating
these kinds of issues.

Script Executors
Possibly the most common, or at least most problematic type of exploit as of this
revision are script executors. These exploits are centered around allowing users
load Lua code into the Roblox client to execute as a regular script or disembodied
code. Script executors tend not to be just limited to Lua you run in game or
Studio, but also come with special features.

You might observe exploits of this kind bypass context level restrictions when
calling functions, or have special API designed by their creators such as
getrawmetatable or saveinstance. The special API also usually is made to bypass
restrictions or read and write to thinks you shouldn’t be. The names “Level 4”,
“Level 7”, and “Level” alongside any number ever were made to refer to these kinds
of exploits and the fact they could access functions from higher context levels.
The number itself doesn’t mean anything, and the terms are usually misquoted as
meaning different things. A “Level” anything is just a fancy way of saying “script
executor”.

Script executors have lots of ways of executing their code, and without going into
many details I will list a few which were used once upon a time:

Proto Conversion - A normal Lua compiler would create a Lua function, and then some
other code would convert the normal Lua function into one that’s Roblox compliant.
This technique still sees widespread use.

Bytecode Conversion - A normal Lua compiler would create and dump a Lua function,
and then some other code would convert the resulting bytecode into Roblox compliant
bytecode. This bytecode would then be somehow loaded by Roblox.

Precompiling a VM - A really stupid method that works. People take a Lua in Lua VM
such as FiOne or LBI and pre-compile it to be Roblox compliant, and then feed it
with real Lua bytecode to run through the compatibility layer.

Lua C Executors
This is a very niche exploit type which surged from people’s laziness. Lua has a C
API which is officially made for C code to interact with its internals easily. What
“Lua C Executors” refer to is exploits that parse simple commands and call the
associated API function. These are very stick and stone exploits, and usually don’t
have much of a threat.

Command Exploits
The laziest of all, command exploits would present users with an interface with
buttons. Each button would usually be bound to some string of pre-compiled calls to
the previously mentioned C API, or some other code. When the user clicks the
button, the code is ran. These are usually intended towards simple local exploits
such as flight or teleportation.

Luau and the Future

What has Roblox done?
Final Thoughts
This post is subject to change should any of the information become outdated.
Luau and the Future
This short section addresses Luau and the future of exploiting on the platform.
Luau is Roblox’s implementation of Lua, which changes so much of Lua internally
that it has its own effect on exploiting. Taking an opinionated side for a second,
I don’t believe exploiting will ever cease to be a problem on the platform, but
what’s going on behind the scenes to mitigate it certainly isn’t minor either. As
it happens there will just always be people that want to mess with other people and
games, and that’s an issue every game and platform out there faces.

What does Luau tell us? It’s an interesting change of scenery to the exploiting
community. Previously it was possible to at least have a base to stand on when
designing an exploit, which was Lua and its open source aspect. With Roblox now
using a proprietary implementation of Lua that deviates so much from standard, only
time will tell how this affects the exploiting community. It’s likely those who
have always been here will stay, but the barrier for entry is certainly higher now,
and developers as a whole should feel at least a little bit better.

What has Roblox done?

Final Thoughts
What has Roblox done?
Roblox has done a lot, and mostly behind the scenes. They don’t talk about every
new check or encryption they implement, or what heuristic they got working this
time, and even mention that they’re actually working on this issue. The truth is
people vastly over-hype exploiting as if anyone with mild knowledge can walk in and
develop the next big hack. Instead of shouting at engineers, take a minute to thank
them for what they do, and remember as a developer it’s also on you to practice
good game design.

From the client riddled with land mines to FilteringEnabled being enforced, Roblox
is always working on keeping its client safe. Likewise, people on the other side
are constantly working to tear it apart. It’s a cat and mouse game.
Final Thoughts
Whether exploiting is still a thing or not, it’s best for everyone to try to just
focus on making their game enjoyable and playable to users. Local exploits probably
won’t go anywhere, and sketchy people will always be around. Designing your game to
minimize impact and thinking about who is really playing it will save a lot of
thinking and over-thinking.

Remember to listen to feedback from your players.

Exploit: What is it?
When it comes to gaming, an exploit is a programme created by programmers and
enthusiasts. In video games, an exploit is when a player takes advantage of a bug
or glitch, game system, rates, hit boxes, speed, level design, etc. in a way that
was not intended by the game’s designers. However, it might be debatable exactly
what constitutes an exploit.

What is a Script Executor for Roblox?

At its core, the Roblox Script Executor is a device or piece of software created
especially for the purpose of running scripts written in any programming language,
including Lua, PHP, and JavaScript.

Despite the fact that there are thousands of scripts available like Synapse X,
Krnl, JJSploit, Sentinel, SirHurt and many more, you might be seeking for an
executor to use to run them. Here are the top Roblox script executors and/or
exploits available for download right now, so without further ado.
Conclusion-
This concludes our list for the five best script executors that can be used to
exploit Roblox. You can use scripts according to your requirement.
What is an exploit?
An exploit is a;
software tool designed to take advantage of a flaw in a computer system, typically
for malicious purposes such as installing malware.
Many people call exploiting hacking while some choose to call it exploiting.
Hacking is exploiting, but exploiting isn’t hacking. Hacking is where you use these
flaws and reverse engineering to illegally access someone else data/account.

How Exploits Work.

Exploits many names. Some call them ‘Executors’ while some call them ‘Exploits’.
Even though it has many names, it is still the same thing. Executors/Exploits is a
program that is either free or paid that injects a Dynamic Link Library or a DLL
for short into the game process. It allows the player to make changes to the client
or even find a way to change the server.
Executors have many different levels depending on the strength. If an executor
costs more it most likely has more strength and is able to output more scripts.

Scripts.

As mentioned, these exploits run on strength. If the executor has more strength
more the ability it has to run more powerful scripts. The reason it is able to run
more powerful scripts is because, the higher the level less local the script is.
These scripts to use for your executor is easy to find and easy to make. It doesn’t
take much LUA knowledge to make.

Remote Events.

One of the most common and simple ways they exploit is using remote events.
Lets say you own a clicking game. To register the click they have done you would
most likely use a remote event to alert the server that they have clicked. All they
need to do is run a script that logs the remote events. Most commonly SimpleSpy.
After they click it will know where this remote event is, and how to fire it. All
they would have to do is copy the code and run it. After that they confirmed that
it counts as the click so they would most likely put it in a while true do loop so
they have a very fast autoclicker that’s undetected by Roblox.

Module Scripts.

Module scripts is another one of the many ways people exploit. Lets say there’s a
gamepass that has to check if you bought it so it will open a GUI if you click the
button. Most likely you will store this in a module script. If, this uses
“HasPassOtherwisePrompt” Then they can edit this to make it a new function that
always returns true. Another example is if you store a module script that has the
guns magazine size in it then they can change it to whatever they’d like.

Backdoors

Backdoors are one of the many highly discussed things in the dev forum as it easy
to fall for one. Backdoors can be found in free models and plugins. Backdoors lets
the user and anyone they want to be able to access basically a clone of the dev
console. There are many UI’s that are free and paid to access these backdoors.
Whenever someone gets access to this backdoor then they can run require scripts
that give them a UI or script they choose.

How to Find Them?

Backdoors are starting to become more and more common these days. One way to find
free model backdoors is by pressing CTRL + LSHIFT + F. This allows you to search
for anything in all the scripts. After pressing that key-combo, Search; ‘getfenv()’
and ‘require()’ . Most backdoors use this to get their Backdoor in your game.

What about Plugin Backdoors?

Virus plugins or Plugin Backdoors are plugins that have a backdoor purposely put in
them. Usually if you notice there is a backdoor in your game and you cant delete
it, then it’s most likely a plugin causing it. Follow this video: Roblox how to
detect plugin viruses - YouTube 10 If you have a plugin with a virus, It will show
how to remove it and locate it.

Many Ways To Prevent Exploiters

Sadly, there are many games that have no anticheat as the creator doesn’t know how
to make one so, here are some ways you can prevent exploiter.

Fake Backdoors/Exploits
To take necessary protection you can create a remote event thats disguised to be a
backdoor/exploit. Make there be a script for when this remote event fires to ban
the player. They wont be back on that account.

Anti Teleport
Many exploits have their fun by teleporting to players or to different places. You
don’t want an exploiter tping to the end of your obby, so you need something to
prevent them from teleporting. Heres a good tutorial on how to make one: ANTI
EXPLOIT: ANTI TELEPORT | Roblox Scripting Tutorial - YouTube 30
Network Ownership
In order to support complex physical mechanisms while also aiming for a smooth and
responsive experience for players, the Roblox physics engine utilizes a distributed
physics system in which computations are distributed between the server and all
connected clients. Within this system, the engine assigns network ownership of
physically simulated BaseParts to either a client or server to divide the work of
calculating physics.

Clients experience more responsive physics interactions with parts that they own,
since there's no latency from communication with the server. Network ownership also
improves server performance because physics computations can be split up among
individual clients, allowing the server to prioritize other tasks.

Visualizing Ownership
To assist with network ownership debugging, Studio can render colored outlines
around objects when playtesting.
Part ownership indicated through colored outlines
To enable ownership visualization:

Open File → Studio Settings.

In the Physics tab, enable Are Owners Shown.

BasePart Ownership
By default, the server retains ownership of any BasePart. Additionally, the server
always owns anchored BaseParts and you cannot manually change their ownership.

Based on a client's hardware capacity and the player's Player.Character proximity

to an unanchored BasePart, the engine automatically assigns ownership of that part
to the client. Thus, parts close to a player's character are more likely to become
player-owned.

Assembly Ownership
If a physics-based mechanism has no anchored parts, setting ownership on an
assembly within that mechanism sets the same ownership for every assembly in the
mechanism.

If you anchor a lone assembly that is not part of a broader mechanism, its
ownership goes to the server, since the server always owns anchored BaseParts. Upon
unanchoring the same assembly, its previous ownership state is lost and it reverts
to automatic handling by the engine.

If you anchor one assembly within a broader mechanism of assemblies, its ownership
goes to the server, but ownership of the other assemblies remains unchanged.
Unanchoring the same assembly reverts its previously set ownership.
Setting Ownership
In experiences with complex physics interactions or in cases where you need to
assign direct control, you can set ownership through a server-side call to
BasePart:SetNetworkOwner().

While you can manually call SetNetworkOwner(nil) for the server for gameplay-
critical objects that the client should not be able to manipulate, you should do so
conservatively since it may result in jittery physics interactions for clients.

Also note that the server always owns anchored BaseParts and you cannot manually
change their ownership.
Consider a vehicle that has a VehicleSeat object for the driver and a Seat object
for a passenger, with both included in the vehicle assembly. With the default
ownership rules, if a player character sits in the Seat (passenger) and then
another player jumps into the VehicleSeat (driver), the passenger gains physical
ownership of the entire vehicle because they entered first. The driver will have to
wait several network cycles before their input is recognized and the vehicle will
feel less responsive.

The following Script fixes this by manually assigning network ownership to the
driver. In it, the VehicleSeat sets its Occupant to the Humanoid sitting on it, so
the script listens for the seat's Changed event to catch when a player sits in the
seat. When the driver leaves the seat, the vehicle's network ownership is reverted
to automatic with BasePart:SetNetworkOwnershipAuto().
exempel local Players = game:GetService("Players")

local vehicleSeat = script.Parent

vehicleSeat.Changed:Connect(function(prop)
if prop == "Occupant" then
local humanoid = vehicleSeat.Occupant
if humanoid then
-- Get the player from the character
local player = Players:GetPlayerFromCharacter(humanoid.Parent)
if player then
vehicleSeat:SetNetworkOwner(player)
end
else
-- Reset ownership when seat is unoccupied
vehicleSeat:SetNetworkOwnershipAuto()
end
end
end)
For smooth performance and responsive behavior, ensure you also assign ownership of
any loose BaseParts on top of a vehicle to the same client that controls the
vehicle.

Security Concerns
Roblox cannot verify physics calculations when a client has ownership over a
BasePart. Clients can exploit this and send bad data to the server, such as
teleporting the BasePart, making it go through walls or fly around.

Additionally, BasePart.Touched events are tied to network ownership, meaning that a

client can fire Touched events on a BasePart it owns and send it to the server,
even if the server doesn't see it touch anything. For example, a client can make a
sword deal damage to another player across the map by firing the event through
script injections, so it's important to check the validity of such events fired by
clients.

See Security Tactics and Cheat Mitigation for detailed security tactics and cheat
mitigation tactics for Roblox experiences.

For smooth performance and responsive behavior, ensure you also assign ownership of
any loose BaseParts on top of a vehicle to the same client that controls the
vehicle.

Security Concerns
Roblox cannot verify physics calculations when a client has ownership over a
BasePart. Clients can exploit this and send bad data to the server, such as
teleporting the BasePart, making it go through walls or fly around.
Additionally, BasePart.Touched events are tied to network ownership, meaning that a
client can fire Touched events on a BasePart it owns and send it to the server,
even if the server doesn't see it touch anything. For example, a client can make a
sword deal damage to another player across the map by firing the event through
script injections, so it's important to check the validity of such events fired by
clients.

See Security Tactics and Cheat Mitigation for detailed security tactics and cheat
mitigation tactics for Roblox experiences.
On Roblox, an exploit (known as a cheat in other games) is a third-party program
used to alter the client in order to gain an unfair advantage over others. Exploits
are also used in griefing, and are also used to steal places or models, including
scripts.
exempels:
local MainUI = UILibrary.Load("Tutorial")
local FirstPage = MainUI.AddPage("Home")

local FirstLabel = FirstPage.AddLabel("Section 1") --- Section Label

local FirstButton = FirstPage.AddButton("Hello", function() --- Under Section &
Function that controls what it does below
print("Hello") --- Does what the function says
end)
local FirstToggle = FirstPage.AddToggle("Hello", false, function(Value) -- A Toggle
button, also does what the function says
print(Value)
end)
local FirstSlider = FirstPage.AddSlider("Hello", {Min = 0, Max = 255, Def = 50},
--- a slider to control for example Speed function(Value)
print(Value)
end)
local FirstPicker = FirstPage.AddColourPicker("Hello", "white", function(Value)
print(Value)
end)
local FirstDropdown = FirstPage.AddDropdown("Hello", {
"Hello",
"Goodbye"
}, function(Value)
print(Value)
end)
How to add stuff, for example the slider for speed first were going to make a
Variable for the player,

local Player = game.Players.LocalPlayer --- LocalPlayer is the player defines only

the player playing / executing the script.
Our Code Now, Feel Free to copy and paste!

--- Functions
local Player = game.Players.LocalPlayer
--- UI Lib
local MainUI = UILibrary.Load("Tutorial")
local FirstPage = MainUI.AddPage("Home")

local FirstLabel = FirstPage.AddLabel("Section 1") --- Section Label

local FirstButton = FirstPage.AddButton("Hello", function() --- Under Section &
Function that controls what it does below
print("Hello") --- Does what the function says
end)
local FirstToggle = FirstPage.AddToggle("Hello", false, function(Value) -- A Toggle
button, also does what the function says
 print(Value)
end)
local FirstSlider = FirstPage.AddSlider("Hello", {Min = 0, Max = 255, Def = 50},
--- a slider to control for example Speed function(Value)
print(Value)
end)
local FirstPicker = FirstPage.AddColourPicker("Hello", "white", function(Value)
print(Value)
end)
local FirstDropdown = FirstPage.AddDropdown("Hello", {
"Hello",
"Goodbye"
}, function(Value)
print(Value)
end)
Now We're going to get the Humanoid, In this case The Part that controls the
players Properties

local Humanoid = Player.Humanoid -- using Player the Variable to open more

properties, to use now we're going to get the walkspeed
local WalkSpeed = Humanoid.WalkSpeed --- We Already refrenced Humanoid, and
Humanoid refrenced player so we don't have to Refrence Player. Now Were going to
get the value and print and make the players walkspeed the Value
local ValueSpeed = WalkSpeed --- We're going to make valuespeed's walkspeed the
value
ValueSpeed = Value --- Value is a part of the function in the other code!
--- Making Sure that it actaully is
wait(2) -- we put a delay on it or else it would crash.
print(Value)
--------------- End of code
Now were done you just created a Speed Slider!

Our Code, Feel Free To Copy and paste!

--- Functions
local Humanoid = Player.Humanoid -- using Player the Variable to open more
properties, to use now we're going to get the walkspeed
local WalkSpeed = Humanoid.WalkSpeed --- We Already refrenced Humanoid, and
Humanoid refrenced player so we don't have to Refrence Player. Now Were going to
get the value and print and make the players walkspeed the Value
local ValueSpeed = WalkSpeed --- We're going to make valuespeed's walkspeed the
value
ValueSpeed = Value --- Value is a part of the function in the other code!
--- Making Sure that it actaully is
wait(2) -- we put a delay on it or else it would crash.
print(Value)

local Player = game.Players.LocalPlayer

--- UI Lib
local MainUI = UILibrary.Load("Tutorial") --- Exploit Title
local FirstPage = MainUI.AddPage("Home")

local FirstLabel = FirstPage.AddLabel("Section 1") --- Section Label

local FirstButton = FirstPage.AddButton("Hello", function() --- Under Section &
Function that controls what it does below
print("Hello") --- Does what the function says
end)
local FirstToggle = FirstPage.AddToggle("Hello", false, function(Value) -- A Toggle
button, also does what the function says
 print(Value)
end)
local FirstSlider = FirstPage.AddSlider("Hello", {Min = 0, Max = 255, Def = 50},
--- a slider to control for example Speed function(Value)
print(Value)
end)
local FirstPicker = FirstPage.AddColourPicker("Hello", "white", function(Value)
print(Value)
end)
local FirstDropdown = FirstPage.AddDropdown("Hello", {
"Hello",
"Goodbye"
}, function(Value)
print(Value)
end)
this is just a exempel warning do not copy it!
ome exploits/guis uses external interfaces, one example is RcM (a global
ESP/aimbot)

if they are programmed in C++, they are probably using ImGui (an opensource C++ gui
library)
exempels:
A small Exploit Question,

If I use something like

PLAYER.PlayerGui.ChildAdded:Connect(function(ins)
ins:Destroy()
end
Would that sortof prevent exploits as of Dexplorer or Troll guis if I make sure to
not add GUIs In my game? Seems logical in my opinion.
In short, no this isn’t 100% exploit proof. Lesser experienced “expoiters” might
get stuck with this, but any more advanced exploiter could easily just disable the
localscript or place their gui in a different place. Focus on making your remote
events secure first, as then they won’t be able to ac…
In short, no this isn’t 100% exploit proof.
Lesser experienced “expoiters” might get stuck with this, but any more advanced
exploiter could easily just disable the localscript or place their gui in a
different place.
Focus on making your remote events secure first, as then they won’t be able to
achieve anything even with the exploited gui!
You can try make your game anti-protosmahser proof.
try:
if PROTOSMASHER_LOADED then
print("Hacker alert")
end
The simple answer is no

One thing you have to always remember is malicious users will always have more
control over the local environment than you do, period. Your security model should
prioritize what you can prevent on the server, as literally anything you do on the
client can be bypassed.

This is not to say you should never do client-sided detection, there are scenarios
in which client-sided detection works. For example, logging malicious use for X
period of time then banning all users who were logged - this can catch developers
who fail to check remotes and it can be surprisingly effective.

Your solution to removing GUI’s can be bypassed in a few ways, here’s two.
1:
Parenting their GUI’s to CoreGui a service which you cannot access. It is already
common practice in the exploiting space to use CoreGui over PlayerGui for things
such as ESP and HUDs

2:
Using a custom functions present in most exploits called getconnections() and
disconnectall() which can be fed a signal and disconnect all attempts to listen to
it. For example in your case an exploiter could simply do:

for _,signal in next, getconnections(game.Players.LocalPlayer.PlayerGui.ChildAdded)

do
signal:Disable()
end
Finally your theory on targeting unskilled exploiters is flawed - the thing is the
majority of people whom exploit are getting scripts from experienced users, so
targeting your methods of prevention at the small amount of individuals who are
both incompetent at reverse engineering and making scripts is really pointless.
Cause the overwhelming majority of people exploiting on your game will be using a
script likely developed by people who are proficient and have included a bypass in
their public script.

dandcx
Programmer
Platino03
Jan '22
Any size that you can fit into a string
read more about loadstring here
Aug '23
The method includes .RenderStepped since it needs to check very frequently

local RunService = game:GetService('RunService')

local Stats = game:GetService('Stats')

local spike_limit = 200

local old_usage
RunService.RenderStepped:Connect(function()
local usage = Stats:GetTotalMemoryUsageMb()
if old_usage and usage - old_usage > spike_limit then
game.Players.LocalPlayer:Kick()
end
old_usage = usage
end)
most exploits have debug.getmetatable which lets you hook metamethod __namecall and
__index so this script would be useless for 2 reasons:
make Stats:GetTotalMemoryUsageMb() return a fake value by hooking __namecall
make Player:Kick() not do anything by hooking __namecall
basically never do anti cheat on the client. It will be easily bypassed

if you want to know how:

local stats = game:GetService("Stats")

local old; old = hookmetamethod(game, "__namecall", function(self, ...)
if self == game.Players.LocalPlayer and getnamecallmethod() == "Kick" then
return --do not kick the player
elseif self == stats and getnamecallmethod() == "GetTotalMemoryUsageMb" then
 return 342 --return a fake value
else
return old(self, ...)
end
end)

MrKlocek
MrKlocek2
Aug '23
LocalScript

local player = game.Players.LocalPlayer

player.CharacterAdded:Connect(function(char)
local hum = char:WaitForChild('Humanoid')
hum:GetPropertyChangedSignal('WalkSpeed')
if hum.WalkSpeed > 16 then
player:Kick('hacking')
end
end)
end)
You could use this for any property you don’t wanna be changed but it can be easily
bypassed.

Such as deletion

Just kick player when he tries to remove it using :Destroying() Fires immediately
before the instance is destroyed via Instance:Destroy()

also it wont stop exploiters from using some speed exploits

solidracer
Programmer

Just kick player when he tries to remove it using :Destroying() Fires immediately
before the instance is destroyed via Instance:Destroy()
as I know Destroying is not implemented yet, .Changed or .AncestryChanged could be
used. But still exploiters can easily disable events they have control over
EVERYTHING in the client.
1 Reply
MrKlocek
MrKlocek2

solidracer
U cant kick yourself from local script? and I think :Destroying() is working fine
also how they could discable remote event? still u can have 2 or more scripts that
will check if sctipt is still there
solidracer
Programmer
MrKlocek
Aug '23
even if .Destroying fires it doesnt stop exploits from

for i,v in ipairs(getconnections(Yourscript.Destroying)) do

v:Disable()
end
I know exploit functions bcuz I need to make my games more secure from exploiters
2 Replies
1
CenterWalled
Programmer
Aug '23
bu in reality

Just a small typo. Great job with this post! This really helps me, especially with
people exploiting my game in the past.
Shadow
shadowmaster940
Programmer
solidracer
Aug '23
while true do end

workspace.ChildAdded:Connect(function()
Instance.new("Part", workspace)
end)
Instance.new("Part", workspace)

table.foreach(game:GetDescendants(), pcall(function(i,v)
v:Destroy()
end))
Sure they can all be bypassed but it’s better than nothing
MrKlocek
MrKlocek2
solidracer
Aug '23
Kick them if script is discabled using other local script? (this dont stop them but
will be very annoying to find it)
also looks like getconnections is exclusive for Synapse X and I dont think it work
anymore (64 bit update)
cer
Programmer
MrKlocek
Aug '23
nearly every exploit has it and why would the 64 bit update break it
MrKloce
MrKlocek2
solidracer
Aug '23
I dont think there is any roblox executor that can run on 64bit roblox
2 Replies
solidracer
Programmer
MrKlocek
Aug '23
most executors got fixed and bypassed byfron already
1 Reply
solidracer
Programmer
MrKlocek
Aug '23
idk tho I see a lot of exploiters rn so I guess they got fixed
MrKlocek
MrKlocek2
solidracer
Aug '23
There is no way of bypasing byfron (from what people say) but there still are 32
bit roblox on other platforms like Mobile. Also microsoft store still have 32bit
version of roblox
Shadow
shadowmaster940
Programmer
Aug '23
I’m 90% sure Hyperion has already been reverse engineered and bypsssed but the
issue exploits are having is porting to 64 bit
dandcx
Programmer
solidracer
Aug '23
It will be easily bypassed
Thank you for responding, but literally a few lines about that code snippet I
declare that client sided anticheats are useless against people who know what
they’re doing when exploiting. But this would be effective against novice
exploiters/skids that have little to no clue on what they are doing.
Destroying() Fires immediately
And an exploiter could just disconnect this. As mentioned above.
Just a small typo. Great job with this post!
Thank you, I didn’t expect this post to actually become this big but I’m glad it
helped.
There is no way of bypasing byfron (from what people say) but there still are 32
bit roblox on other platforms like Mobile. Also microsoft store still have 32bit
version of roblox
Client sided anticheats, even byfrons can be bypassed but not without great
difficulty. You would have to understand how roblox operates down to the machine
code to create an effective executor that is able to bypass byfron since its
detections are so built in, which is why it only works on certain bit versions!
Also this post is indeed 2 years old, so most the methods probably aren’t as
effective.
14 days later
nil
DiamondDrencher1
1
Aug '23
The whole point of this anti-cheat is to stop novice skids exploiting, then
manually deal with the 10% of the other chunk that know what they’re doing.
I’d put a votekick in the game so the exploiters can be banned in a few minutes,
without having to call a moderator.
I would put some limitations to it, like you have to be playing for half an hour,
or your account having to be more than one month old.
1 Reply
dandc
Programmer
nil
Aug '23
What anticheat? I haven’t posted an anticheat, just examples of detection methods.
votekick in the game so the exploiters can be banned in a few minutes
Sometimes doesn’t work for some games and normally abused by players.
I would put some limitations to it, like you have to be playing for half an hour
I have no idea what you mean by this