Exploits Are EASY to Fix, People Are Just Lazy
Вставка
- Опубліковано 22 кві 2024
- Adding new course units soon, buy now to get them for FREE:
linktr.ee/ByteBlox
discord: / discord
wondered how to make a main menu in roblox studio? or how to create a shop which has working GUI? ive made lots of 2024 roblox scripting tutorials about all the different bits of roblox to give you some up-to-date information about all of its properties and events.
my goal is to simply give some insight on how to use the various features and instances roblox studio, and show you some fun stuff you can do with them. thanks for checking out this roblox scripting tutorial :) - Навчання та стиль
get 50% off my course with code "FREAKYBLOX" (2 days left):
linktr.ee/ByteBlox
Hello ByteBlox Im Subbed
Hello byte, could you make a video on beizer curves i think its overlooked in the roblox studio community and also on flipbooks
Could you make a busting tutorial
Could you make a busting tutorial
Could you make a busting tutorial
I have no idea why I clicked on this video
Look at the title bro, "people are just lazy". You're looking for people with the same personality trait as you
Me neither man, haven't touched a script in my life
People are just lazy at click this video💀
The mysterious forces
@@nonproductiveproduction Who hurt you?😭
Longest explanation for a "exploiters can execute local scripts." Ever.
would’ve been useful for stupid me back then to be fair
didnt even explain that being able to manipulate movement so easily is only specific to movement (because roblox doesnt do any base security checks for movement because that would very quickly interfere with ALOT of games), and trying to do the same for anything else is 100x harder unless the developer added a foolish remote function or event
in practice its more like "exploiters can execute local scripts that have more permissions and more power than local scripts themselves"
@@omgdodogamer4759 "because roblox doesnt do any base security checks for movement because that would very quickly interfere with ALOT of games"
Roblox gives devs an option to do it, the only game i saw having balls to enable it is Bedwars in rare cases
yea no shit because most people dont understand it
ah yes
lets have thousands of events go off for every object to stop the most basic form of noclipping
Yes 😈
@@byteblox100 i would love to see your server memory implementing a system like this on a semi sizable game with a few players.
will be the reason everyone gets 10k ping
"Hey Why is my ping rising... BRO WHY IS IT RISING ITS 28k... HELP ITS REACHING 479K"
all you have to do is noclip through the part but since ur in an invincibility state then the anticheat won’t catch you.
Exploits isn't always as straight forward to prevent as you might think. There might be cases where a combination of multiple things causes something unexpected to happen, which will allow the exploiter in question to manipulate something in a certain way. And especially, if you're a small team of developers, finding all of these edge cases is really difficult. You prevent what you can see usually, and what you have time for. Keep in mind that players expect updates almost weekly, so finding the potential weakpoints of your game and patching it, while also releasing new content isn't really that realistic.
That being said, sanitizing and rate limiting remotes is something that should always be done. Prevent the obvious, but don't spend too much time looking for and fixing very small issues.
Is there such thing as hiring white-hat hackers/exploiters to find bypasses/holes in anticheats, or is that against TOS?
Players expect updates weekly?
@@awesomesauce-kg9xn if players expect updates weekly then I'm a millionaire
@@awesomesauce-kg9xn not always big games, but, he meant weekly cuz this is practically the norm for updates, especially for rblx devs' games. tho, half a month or a month - too, but potential games are oriented towards weekly updates, that leaves plrs inspired and entertained for such games.
@@oranglikes an update a week is insane
I feel like people arent lazy, its just some SOME game have such complicated fighting/ability systems that code that prevents them from exploiting would interfere with the ability/fighting code.
Games can put a boolean statement that exempts the player from anticheat given a period of time
@@TheLordircan’t exploiters find a way to abuse that then? Also, wouldn’t it have to exempt you from it before you do the action?
@@TheLordirlook at stuff like deepwoken and rogue lineage, they have anticheat but people always come up with new cheats to break through it, you can never make a full proof anti cheat
Like, even billion dollar companies like valve don't have full proof anticheat for CSGO, what makes you think some random dude on Roblox is gonna be able to do it?
i must inform to you that the information you have provided is false, say this, if i were to run a script that makes all parts inside the game untouchable, it will make it so the part attached to the player to not have touch either, and with that said, the best way to do it is, make a system that detects if the players humanoid root part and head and torso get detected if it goes inside a part, and if it does it teleports the player back where they were 2 seconds ago, and even if they have no collide or smth like turned off touch it will still work if you make a script / local script / module script thats not apart of the part, but as a system that detects the player inside a wall without it
@@hyperbroli6672 honestly, valve isn’t the best analogy because they literally just couldn’t care less at the moment lol
I've been a exploit/script developer for 8 years since the nofiltering era, and I'm just going to say this is extremely easy to bypass that it's not even funny. Scripts will obviously be intended for non-generalized use, such as specific pin-points. No actual script will be this easy. For instance, if you have a local script that contains gun functions and it calls the local player's camera, instead, I can use metamethod __index to return the wrong class type which would then create an error in the server script itself removing the anticheat completely, this has been done on multiple occasions on many games. Exploits are not easy to fix, all you did was spend 11 minutes trying to patch a 1 line script that can be re-bypassed with again, just 1 line.
you can also remove your character completely then re-call it on the client, and add in the humanoidrootpart (server) after classifying network ownership (if not taken by another exploiter), create a new model type, add it in as local player's character, teleport the humanoidrootpart (local) through the part, delete local humanoidrootpart, and then clone character (server) and add the server-sided humanoidrootpart back inside the local character to make it a serversided character, this is exactly how serversided fake VR worked back in 2021
@@autistacatRCD and some updates to character loading actually patched this
@@skyr3x anticheats are a constant fight and everything can be bypassed eventually
that's true but you don't realize most exploiters are complete skids who use other peoples code, which most of the time can be caught by simple anti-cheat
@@toby-we3zj the modern economy of scripts used by skids are gigantic all-in-one hubs which are usually maintained actively with features taken from everywhere the owners can get them, meaning that new/better methods of doing something spread quickly into the products that little kids end up using which gives them a lot of the decently made scripts that were usually locked down to people who know what theyre doing or by people who constantly keep up with new releases on forums
As someone who used to make exploits myself, the "patch" you made is completely garbage.. you can literally counter your patch with one or two lines of code. Developers are not lazy, sometimes they just choose not to interfere with the player's experience in the sense that your anti exploit could falsely flag a normal player.
This is true especially for games that use admin commands.
i dont think a new hitbox could 'falsely flag a player,' as every player would have it, anyway. as for everything else, i agree.
however, roblox themselves are taking active steps to make cheating itself very difficult so the rest of the burden lies on games that really take skill into account, like competitive games. some games just dont require that type of treatment.
Congrats! You (poorly) patched one of many ways to noclip.
make the hitbox tween and it fixes pretty much almost every noclip
@@alexskorpik11play79 You dont know shit about exploits LMFAO just shut up fr
@@alexskorpik11play79 thats awfully expensive for the server to compute. and you still have all kinds of other exploits to patch.
Why don’t you make your own version instead of hating :)
@@OvisArries If you have a decent knowledge about scripting on roblox, you would know that this method is very inefficient and unscalable.
"If your game has a exploit, shame on yourself." - EXPLOITS AREN'T ALWAYS "EASY" TO FIX.
it's ragebait.
@@disrecededor an opinion who knows
Especially in games like blox fruits. For example: Try teaching system to figure out who's teleporting with in game ability and who's doing the same thing with hacks.
And that's the easiest example....
i think he means more like the really basic ones like flying noclipping btools, etc
@@6o6yuH_23 Thats actually pretty easy, assuming you already had a system to detect teleportation, but that base system is the hard part
A small note. EVERYTHING to do with the character is managed by the client. The server does zero validation. So, on the client, you can just... set your position anywhere. And the server accepts it. All character physics are on the client.
he should’ve also explained network ownership.
This is the missing detail that was glossed over. I feel like he knew and could have talked about it for a more rigorous explanation.
@@MeanSoybean Byteblox doesn't really seem to understand this.
@@discussions. isn't it called physics ownership?
If you're not doing a whole lot with characters, Chickynoid might be something to consider. Its drawbacks might make it hard to integrate into an existing project, though.
How to solve exploits like big games:
Step 1: give them $100k worth of ingame items
Step 2: Enjoy
step 3: go bankrupt
@@h1mm779 step 4: burn plushies
fastest way tho xd
they do not
say i don't know how online security testing works without saying i don't know how online security testing works
Byteblox ragebait is insane 😭😂
What ragebait?
@@Hamdidittoogoogle it
ur mom
Piece of media purposely meant to piss people off and gain interaction due to them being pissed off @@Hamdidittoo
Ur dad
0:00 - 5:21 Explanation Of Exploiting
5:21 - 11:00 Telling You How To Fix Exploits
Correction: Telling you how to "fix" exploits, but not really telling you how to fix exploits.
Left ear: Hkmori - Anybody can find love but you
Right ear: byteblox 2x speed
deccelerated learning
the hkmori cancels out any knowledge learned from byteblox
@@Anarqism what knowledge?
@@Anarqism pretty sure he's a troll
that song is so peak
3:50 The shadow💀💀💀
What is wrong with it
Oh yes, It has happened again
thats wild
@@Nigjaslayer9000the shape…
how the hell did you find that
ByteBlox, i must inform to you that the information you have provided is false, say this, if i were to run a script that makes all parts inside the game untouchable, it will make it so the part attached to the player to not have touch either, and another thing the expolit can do is just delete the entire part connected to them, and with that said, the best way to do it is, make a system that detects if the players humanoid root part and head and torso get detected if it goes inside a part, and if it does it teleports the player back where they were 2 seconds ago, and even if they have no collide or smth like turned off touch it will still work if you make a script / local script / module script thats not apart of the part, but as a system that detects the player inside a wall without it
The best way is to make a regular scripts in this case, exploiters can disable local and module scripts on the client entirely
That is indeed a great way but the reason games dont do that is having alot of checks for different parts and for each and every player starts to slow down the game a huge amount
That’s probably true. I just suggested the hitbox as a quick potential fix, but the better way to do it would likely just be to fire raycasts and check player position
thing is players can still make a script to automatically teleport them back since movement is left unchecked by roblox's anticheat
The best anticheat is detecting client guis or smth like that and banning them.
Kinda like adinos admin but better and not bypassable.
It will ban Arceus x and codex users quite easily, but experienced exploiters can still bypass them.
It's not as simple as you think. Yes, that is a way to detect cheats, but it can also be incorrect. Many games use client-only aspects, and it is harder to differ between what should be different on the client and what shouldn't. If you have a barrier that players shouldn't be able to go through, this is indeed a way to detect and prevent exploiters from going through it, but it won't be as simple for client sided creations. An example, is a game I am working on, which allows a player to fly around in outer space. The flight system I made for that is almost fully client-sided, and it would be more difficult than this for me to detect the difference between an exploiter's flight system, and my flight system, or to detect if an exploiter edited a value or my game did it. Tbh, Idk who would ever even need flight exploits in a flight game. A better solution to a potentially flawed anti-exploit system that may detect innocents, or people who affected by a roblox bug, would be to instead implement a report system, along with action, chat and movement logging. In many cases, a human-mod system will be better than an auto-mod system as long as the humans are not corrupted or bad. Roblox's overall mod system is an example of a bad mod system, filled with corrupt/lazy human mods and poorly designed AI mods.
byteblox: its so easy to fix it people are just lazy
also byteblox: not doing allat
bro forgot about firing remotes, hook functions, deleting client scripts, spoofing/metatables, exploiting is unpreventable on a bigger scale game, only roblox can fix it.
Remotes is up to the dev to fix not roblox, roblox can't do anything about that
@@fitmotheyap not how it works, remote could still be manipulated through hook function, changing parameter values, constants, and upvalues, nothing can be done about it, even game with the best anti cheats like bedwars, can’t even prevent it, roblox already made a pushing step with there exploit detection, significantly reducing exploiters recently, byfron
@@fitmotheyapbypassing checks is as simple as using spoofers to pretend nothing has changed on client, metatables, and now AI program such as external AI aimbot
@@fitmotheyapfor ex: instead of increasing a player speed by humanoid.walkspeed, you can just teleport the player slightly forward based on CFrame and this value could be adjusted to increase speed and completely bypass walkspeed check
@@glyoit1506 You realize that a remote event should only be a trigger, not a activation method.
For example if I have a 3d button in the workspace that gives money, and I want the player to only get money when he clicks the button (which has a cooldown), I'd use a clientside remote event to tell the server that the player pressed the button. I could calculate the distance the player is from said 3d button to accept or reject the request for the button press, as well as its cooldown which would be server calculated. Server checks can exist for remote events, so the fact that local scripts from exploiters can fire remote events is not an excuse for an unstoppable hack. For changing constants, the server should always have serverside copies of money and check it for every purchase.
the cool part about this is that your forgetting that its ROBLOX devs, not passionate devs, ROBLOX devs.
bro spent like 9 minutes explaining local scripts couldve been shortened, but appreciate the effort ur videos helps me sometimes with other stuff
Ong he just yaps about the basics for like half the videos always and he acts like most his viewers are noobs
@@BennydoesstuffYT I think that is the point. He is explaining is a way that even complete beginners can understand.
@@Sol_Aureus
The problem is he doesnt even do that well. Oh, sure, he talked about a "fix" for this problem, but the fix itself is pretty easy to work around and he didnt even show how to implement. The only thing he explained was that things changed on the players client arent directly applied to the server.
Many roblox games already have similar feature actually, if only exploits were that easy to fix right..
explaining how the server knows you're exploiting movement actually helped me understand how i couldnt move for a hot minute in shard seekers, thanks for telling me that man :)
Exploiting or Hacking at all is impossible to stop. The hackers/exploiters will win then the game devs/anticheat devs and then it will loop around like that. That's why Roblox paid Synapse to help them instead of keep patching what Roblox tried to do.
i will stick what works for majoryity of games which is prediction rather than running 12 checks per seconds
The only problem with this solution is that when I want a specific player to be able to walk through a part and no one else, I set the collision to off for that client. If I put that fix, this won't work and and I'd have to use collision groups, which is annoying...
Hey just curious but do you know how to add the shiny effect your golden headphones has to other accesories in game? As I've seen piggy have the same sort of lighting effect and was wondering how I could add it to one of my games. (Also your videos are great! Love your work.)
byteblox i have an idea that might work (idk)
what if we manually add collidable bricks and put them inside the players body like a hitbox *in the server* so when the player tries to noclip through the wall the parts that are server sided doesnt let the player to noclip because the parts cant noclip through the wall and the parts are the players hitbox
would that work or would it be a buggy mess?
this doesnt even matter anymore, atleast not for roblox cuz byfron eradicated 90% of exploiters, if you still exploit in roblox via sketchy methods or external cheats then I say you deserve to have your fun because the effort you went through to cheat in a game is almost admirable
To answer your question:
Developers aren't actually lazy; they understand that such exploits can be fixed with just a few lines of code. However, when you implement features that continuously send messages from the client upon hitting walls or objects, it can overload the server. While it may not cause lag with just one player, if the game becomes popular and has such "anti-cheat" features, it could crash the game, making it unplayable due to severe lag.
It's all about finding the right approach. Cheaters will always try to find ways to circumvent patches. Most exploits are generated unintentionally by the developers as well, due to small oversights, because they are humans too. Throwing them under the bus because "this is such an easy fix" isn't the right approach. While you might not mean that in a bad way, it is how most people will interpret it.
Make it whitelist then
Whats funny is if you’re owned by server, it pretty much fixes a lot of stuff from this. The issue is no one does this because of the huge input delay you get. Note the part you attach could work, but make sure it doesnt make your movement be limited to what the part allows you to, and make sure it’s owned by the server.
You could have the player on the server consist of a humanoidrootpart only that is invisible and just render the other stuff by creating them locally on each client and then predict the movement of the client-side character
Yeah the input delay is crazy even on 80 ping
@@fitmotheyap it's even noticable in studio with 0 ping
prob because when studio play solo ran both client and server on same thread, having the server own your own character was possible and still not affect input delay but after they made studio client accurate to the real client and seperated the client and server to run on their own seperate threads, you will notice input delays even if you didn't increase fake replication lag
I don't see Roblox adding server-authoritive characters anytime soon so just add checks to the server, but also trusting the client isn't all bad and it mostly depends on the game.
Rocket League is fully server-sided, but it uses prediction to fix the input delay, Roblox could do the same, calculate server-side, compare with client, if there are big differences between server and client, interpolate to what the server calculated
@@EricPlayZ132 I will straight up say I hate rocket league's way of doing it, played it once and got hella teleported(when I used to not have a good ISP), there is no better system for it in the first place so sure but in the case of roblox I think staying client side is wise, at least 10-20% of the playerbase plays on mobile more specifically phones and tablets and even more play on a bad internet, I have experienced both being on mobile and bad internet, not an issue these days but that's only for me, SA still has no servers and resorts to using NA or even EU, asia roblox has major internet problems during rush hour already and this wouldn't help, US is the only region where they actually have good internet and servers everywhere but a large amount of the population gets throttled daily and another large amount live in not so well connected areas, EU would be by far the least and most affected, europe has servers in every rich country exception being poland having one, but even as of now the average ping hovers around 100 because roblox is roblox, I feel like roblox has to fix connection issues first, furthermore they still have NOT fixed error code 277 which is becoming more of an issue every month, swapping ISPs is not a good solution when they can fix their backend instead
Also, I hate to mention it again EU servers are horrible, 100 ping EU while around 200 ping US, US seems to have no problems and ping is as expected, EU hovering around 100 makes hella no sense when other games have servers farther away with 50 ping or less
TL;DR
This is a bad idea cus
EU servers have major problems that won't be fixed ever it seems
US has way too many people behind greedy ISPs and many others not living in populated areas
SA has no servers
Asia has major issues during rush hour
Way easier to just raycast from the last hrp position and the current one to check if they moved through a part, can also check if the part has can collide turned off on the server. And this noclip method is bypassable if you just set cantouch on that part in hrp to false?? Server sided physics anticheats are limited by the complexity of the games physics
the issue i find with the raycast method is if you were to move around a corner of an object, the ray might hit said corner. Currently looking for a way of fixing it.
Just use blockcasts.
You could also just tp around the part avoiding the detection :P, which is a very common thing/option/script thats on mostly all clients for roblox.
the easiest way to prevent exploits is to tell your players to not use exploits trust it works everytime
What about flying exploits/scripts that allow users to use admin flight which allows no-clipping via said flight? How would that be prevented?
Fair exploits are easy to fix but there are always alot of exploits and most people forget alot of them and alot of them can interfere with the game alot, theres a glitch where if theres a thin part infront of a thick part you can clip through it easy fix. but even more bugs come from that. its less that there lazy I would say and more unsure of all of them because there are alot of exploits that aren't in this video and will never be able to be put in one video unless extreme dedication to every glitch its more something you've gotta get use to.
and small glitches can be over looked as long as they don't interfere with your gameplay then it should all be fine. And yes most of the time updates will come and people will just find more and more which is very normal.
I see alot of your videos get backlash from ignorant titles. Such as your prints are useless video that you took down, which there 100% not very useful.
That's cool and stuff, but how do I add corner clips back?
cool video, the issue is still relevant though in games that have trouble with external hacks, colorbot, etc.
This video cover only no clipping and not anything else… there’s other ways of exploiting than clipping through objects, exploiting can be like flying for example, and when devs make items or abilities to fly, it gets hard to stop hacks from imitating legit players who play the game longer to fly when exploiting can mimic their client to fly..
can we add a portal inside these walls so when they walk through them they get put in "jail"/banned depending on the thickness of the wall?
It's pretty harder than that because if you add a code to every single part in your game, it basically becomes yandere sim 2.0
Loop and CollectionService in question:
As someone who exploits because im curious and want to look under a map or delete a wall in a silly maze(client sided so noone except me sees or can interact with the deleted wall) i feel like patching major exploits is more important than silly ones, like sure you can go through a wall in a simulator but if you make them unable to access the stuff there then why patch it? You can always get an alt hack yourself or find a script for your game specifically if its popular enough look through the code and patch it (i dont code so idk if its even possible)
Summary:
it depends on the games code, for example
if an experienced exploiter, well exploits, depending on the games code, they will have a hard time to fix the exploit without it messing up other game mechanics, think of it like this:
you want to kill an exploit that is behind a strong wall, now lets say you break this wall to get rid of the exploit but breaking the walls removes / messes code that is working perfectly, you rid of the exploit but your game is broken due to the code that got messed up
9:05 and what happens if the client instead decides to delete their own hitbox? i feel like you're gonna play cat and mouse forever no matter what you do, the only solution is to prevent the client from making any changes
I clicked this video because in one of my roblox games it lags crazy when u walk or be jumping most time the server will bring u back to that position
just as easy as they can be fixed, someone will find a bypass, example being to literally just delete the script that does that 💀
however, you can also just disable the collision/touch of the 'new hitbox'. the best way to do these things is to have the crucial data of players or objects have checks that occur upon a certain event, like demonstrated with the touch event. instead of fixing it through making a new hitbox, we can instead use a localscript that detects if any change is detected in the 'crucial data' of that part---whether its collision or can touch---and fire an event each time that data changes. a server script picks the event up and sets the data to whatever its supposed to be.
unpopular opinion: if your game has fixable and easy glitches that can be done without even using tools outside of the basic roblox app, you should be the one banned not the "exploiters" abusing your garbage code
Doing a bunch of security checks for every single player in the game is laggy and slow. I don't want cheaters but I don't want 500ms input delays. If your game is big enough and you have all these complex interconnected systems interacting with each other. It can be really difficult to find and patch exploits. Developers already get enough harassment there's no need to make it worse.
(edited) can't spell for the life of me
Byte the thing is exploiters are actually more difficult to prevent than you think, pretty much impossible. for the system you thought of they can just delete the part that is attached to them and it wont effect it anymore or for doing something like checks for when the player is inside an object they shouldnt be it will slow the game down for each object or each player you have. then players can also do other exploits that can manipulate their own health or other peoples health they can give themself immortality by giving themself a forcefield or change their location.
THE PART ISNT WELDED TO THEM
@@alexskorpik11play79 then how would you keep the part to them as if you’re using code it’ll slow down the server a huge amount.
giving urself a forefield wont give u godmode
@@Desyncingg giving a player force field makes it so they’re incapable of taking damage with the humanoid:takedamage() function but either way they’re still able to manipulate their max health
@@GrimBeConfused dude. its not gonna slow the server by any amount. its legit also easy to do. and by the way, you're so wrong about humanoid modifications. All they can do to the humanoid is change walkspeed,jump height, platform stand, jump , sit. Im not sure but change humanoid state [if its not dead] could be possible aswell.
please stop spreading misinformation without actual checks
depends from game to game
some exploits are made specifically for some games, (take KAT, there was an aimbot exploit for some time)
some others are just generalistic (like the noclip)
while it's true that on roblox it's easy to fix a couple of exploits, for specific big games it actually starts to be hard when the client starts to manipulate stuff like aiming
and if we get outside of roblox, it just gets even harder, CS:GO with their VAC, or even minecraft (yes, minecraft cheating, especially in the competitive side of the game, is a thing) it's not as easy. you can prevent the obvious yes, but eventually something will be found that the devs either won't be able to address or don't have the time to do so
Game design also plays a huge role in reducing exploiters, for fps games/competitive games more exploiters are gonna work on exploits for these games rather than a game like DOORS, but with roblox adding byfron recently, exploiting is now even harder than it was 5 years ago, so each game has their own unique way of implementing a anti cheat, and it isnt easy at all especially since depending on your type of game, exploiting can happen rarely or frequently.
@@Lucas-xn5bn exactly, that's something i agree with 100%
I am actually so grateful some one did this since ive always thought of adding a hit box that if touched to another hit box it would kick you but unlike you i have a goblin in my brain that stops me from learning how to code
Very informative! Thanks, I needed an anti cheat for my games!
Do note, you can also fix a lot of exploits by using sanity checks on your remote events, or make important events handled by the server instead of handling them via the client. That being said, exploits like no-clipping, flying, etc. can be fixed by checking a player's character and running sanity checks from the server.
The client doesn't say there's no baseplate or that a wall has no collision, it says that according to it's own physics calculation, your player should be at ____ position. You have network ownership over your player so the server says "eh, alright!" and doesn't care. The only reason the server tells the client any information is so that the client can use it in it's own checks for each player. And then the server does physics for anything that it itself has network ownership over.
most noclip exploits have a renderstepped loop setting the local player's body parts can collide to false.
So if i understand correctly the system for the anti exploit are just basic hitboxes that are dirrectly connected to the server instead of the client
Sorry if i didn't understand well and if i'm totally wrong but that's what i understand for the most part
there's a way that fixed a noclipping by
getting a position from player from server
then if the player gets out of distance to be like 5 distance
it will spawn raycast then checks if there's a part
it will teleport back on old position
Q: what about some players can backdoor the server
this is easily can be done by while wait do,
because this is the only looping script that won't be disconnected
all u need things to do is clone the script first
local Script = script:clone()
and do it on while wait do
if script.Parent == nil then
Script.Parent = game.Players[playerName]
end
if my script works then thanks u
byteblox pls explain client and server in more videos 41 isnt enough for me
Do a video on custom interactions please
If all changes on the server are carried on to the client, can’t we just make the server constantly tick back on the collision of the object?
though the performance wont be too good considering it’s doing that for ALL parts but maybe there could be some optimization usage there to minimize the amount of parts being ticked back on
example of lazy developers is roblox talent show. it have so lazy developers, i took multiple times hockey sticks and noclip through walls, even from performing as a performer, and only server host/admin could stop me, and instead of fixing or removing hockey sticks (nobody uses it on performance) just they prefer to cry and giving bans for glitch abusing. for this i got once banned on 3 days
there are many ways to fight noclip but this one is not very strong and will fall easily if the exploiter just apply the same process he did to go through the wall and do it on the "hitbox" you create for each playercharacter. Also a lot of information are wrong, when you say that client side you can go through after deleting the baseplate because it tells the server theres no baseplate anymore is wrong, its just that the server updates the player position and dont give a shit if you're inside a part, the cancollide stuff is set server sided but the value is only used by the client, which is why the server doesn't prevent you from falling through the floor.
exploits as the name states using weak points of your game to gain advantage
on local side they have pretty much unlimited possibilities and especially with character - because it's first source of client-server replication
don't try to prevent exploits - better try to lower advantage exploiters can get - just secure any way of client-server connections.
👍
Simple fly anticheat: Detect humanoid floormaterial changes, they aren't replicated to the client anymore and are somewhat decent, you just need leeway
?
wouldn't that kick you for jumping
Good idea, but realistically this would just nosedive your performance making security checks for y part.
can I set an if condition that if a certain place( the wall ) is collidable for said player then the player is banned or moved or killed?
So what you're saying is, roblox's engine sucks?
This won't be very optimized. Roblox as a corporation should handle all the exploiting, while the developer should handle optimization and compatibility of their games. Always aim for the low end devices like office laptops, chrome books or old android phones while making a Roblox game. You won't succeed as much if you focus on a high end game only. That's why it is not a very good idea to make thousands of checks just to prevent one week of exploiting (exploits like Synapse X are constantly updated, they always figure a way around). It is a better idea to make your game playable for a wider audience.
for minecraft the devs of the game itself arent gonna remove hacks(unless theyre game breaking exploits such as a force-op) the server dev/owner needs to make their own AC(or get one) which is insanely hard to make because you dont wanna ban innocent players and the game has an insanely hard time differentiating lag & cheats
issue is, while you can execute local scripts, exploiters quite literally hijack the local script environment. Check if the player has .CanCollide disabled on his limbs? They can hook the __index metamethod to always return .CanCollide as true if it's checked by the anticheat script. Have a hitbox inside a wall which tells the server that you tried to noclip? They can disable the .Touched event. Raycasting to see if inside a wall? They can also hook the raycasting function to always say that you aren't noclipping. Remote event which triggers an anticheat? They can just hook the :FIreServer function to never actually execute it. Your only real way of stopping them is to make server checks, and it's still not straight forward to do, even on smaller games, let alone a giant fighting/shooter game or whatever.
well as a exploiter you have dex too so you can change thngs for your self but its client sided and if the saving system really saves coins for example and you change the value and leave and join its changed they can exploit it and make a script for it by network object
how long did it take to record and edit this video?
Must be a few weeks at least, this might be the highest quality anticheat video Ive seen all year
15 minutes, the record takes 11 minutes and 3 minutes done for opening an editor and press export.
Aimbot from what i have seen in games seems to have 2 tipes depending on the weapon projectile
a example would be the bow from minecraft the projectile is slow so even if the aimbot makes it so the arrow goes where the target is they can just move of the way because the projectile is slow so aimbot speed the projetile or it makes it teleport behind the enemy u are shoting (imagine a portal in the guy stomach of the guy u are shoting and the other side of the portal is your bow)
If the weapon has a instant projectile or a fast one the aimbot just makes the bullet shot where the guy is.
so the way to fix the teleport aimbot would be to make the game check if the projectile is acting the right way (like not going faster that normal)
Edit: im do not know to code so please do not critize me if the solution i said is wrong
just Modify the aimbot to make it way higher to make up for the slow projectile speed.
aimbot isnt about speed of the projectile cause the projectile is supposed to be created on the server. Its only the direction and maybe origin of the projectile that the client usually sends
Is a mystery as to why roblox uses this incredibly stupid layout, allowing the clients to set serverside position is guaranteed disaster.
Bro is high on the peak of the dunning kruger effect. Max confidence, minimal understanding.
I feel like this is Roblox's fault for making many things process on the client not the server. The client should only be in charge of rendering what the server sends it, and sending requests to do changes to the server. For example, the way you could stop x-ray exploits is by only sending the client what it needs to function, if the player is in room A, the server should only send 3d models of room A to the client, if the player opens a door to enter room B, the server then sends a 3d model of room B, and stops sending 3d models of room A when the player completely enters room B and closes the door. In summary, to stop exploits, make the server do most of the work, the game developer should not be responsible of stopping exploits, Roblox made the engine, they should deal with it.
It’s pretty hard to use the scripts to identify the exploiters, I say just let them play but instead have some script to mess up with their gameplay. Example is aimbot, maybe have a script to have 99% chance to miss
just add one more collision box - what do you mean you already had to scrap bunch of objects because you hit the limit ?
just do everything server-side - what do you mean by the server is overloaded and it takes a minute to move everyone every single step ?
the player still got through the wall even though you put all checks in place ? that is interesting as if the box that was pushing them somehow confused the collider so instead of pushing the player back it pushed him through the wall instead
look - exploits are still a thing not because devs are lazy - some are here for over 30 years and clipping through walls is still in their games - there may be more factors at play here :)
Server checks on a client authoritive system will always have false positives and flaws. If you want to truly fix character related exploits you have to use a server authoritive system like Chickynoid. Also since the hitbox you are using is client owned because its attached to the player, cant the player just not send touched events?
They're not lazy, they just think exploiters are so rare.
Theres a difference between hacks / cheats and bugs / exploits. Exploits are more like glitches in game's code that allows you to do things, without significantly modifying the games code at all. For example, glitching into walls with the camera glitch. Using stuff like JScript or Lua Script Injectors is not an exploit, but a hack, a cheat. When you exploit, you're exploiting an oversight in the game's code, when you're hacking or cheating, you are intentionally doing things that the game did not intend for you to do by measures that are invasive to the game's code (via injection etc) essentially, hacking it.
How about making a for loop to cycle though every object in workspace to set its can touch and cancollide off including character
the only base security checks in this game is the byfron thing that detects exploit programs. there isn't any security checks in game.
You actually can implement Server Authorative Movement. This is done by making the Client move first then checking in the server if it can actually move there
For example if theres a wall the Client can check on raycast before moving but if that raycast was deleted to the client but was sended on the Server ( to validate movement ) then the Server can check the same thing as the Client but it would fail since theres a wall and it wouldnt be the real position of the Clients character
For Reconciliation you can send the input on what's wrong on the Client then the Client goes back to the position of their validated movement then inputs the same keys again so that it matches on the Server
This is seen on every AAA FPS game such as Valorant and CS (Counter Strike)
Thats all hehe
we cant rip on tf2 like that they have a small dev team that is not enough for a huge game with messy code
bro valve doesnt care about tf2, thats why they got a small ass dev team, valve literally does not give a fuck 😭
to prevent exploits is basically make the server run checks every minute and see if there's anything suspicious, for example: a player fires a remote when he doesn't meet the requirements, the server then will kick the player because he fires a remote that he doesn't have the requirements of; basically in general you should just make a simple scanning system
That will numb down the cheaters ability but not stop it.
@@SkuppyGamez I mean, better than no measures right?
explain to me how one roblox developer or even a decently sized roblox dev team limited by a sandboxed lua environment can 'fix' exploits?
How can i know if a part is inside of an other part ?
him saying "sending a message to the server" instead of saying "sending a packet to the server" is hurting me mentally as a developperrrrrrrrrrrr
yeah there is one game where you can punch people and unlock abilities and there was tons of exploiters on it, then another person made a knife version of that same game which had the same issues.
Is that “Ability war”?
Is that ability war?
3:40
"how does this tie into noclip, well a very important factu- my headphones are shinyyy as hell, anyways, a very important facture..."
what happens if the player moves the box from ingame?
some people just dont know how to make anticheats and dont have enough skills how to do that. also about noclip, it works like that: so instead of disabling every part collision in the game and then turn it on when player is above this part so he wont fall, hacks disabling all player's body parts collision, so player can go through parts and stand on them, beacuse humanoid sees that player stands on part that does have collisions turned on, so humanoid doesnt allow player to fall
Honstly a bad method to detect/prevent exploits. Example why this is bad: local parts ect.
Yeah, you're probably going to need some servers borrowed from NASA for this to work on a decent game
I kept walking and jumping in sols rng tryna go faster then it sent me back
Just make it when a player is out of bounds of the map it will tp them back.
Rather the (12-20) players detecting every single part inside the map in the server side 😭
Or add velocity check of a player if it exceed a speed limit to your game.
(But they will try to bypass this with tween flight, so they continue a common speed without tripping the velocity check)
I'm surprised devs still get whole backdoors in their games