omaraa
|
  |
| Joined: 23 Sep 2010 |
| Total Posts: 440 |
|
|
| 07 Jul 2013 10:15 PM |
Ok so, I have seen a lot of exploiters in games for the past few days/weeks.
I know that there are a lot of scripters out there trying to make an anti exploiting script that can help a lot of people, but I have come to conclusion that well, there isn't a script out there that can help a lot of people make there place safe for everyone to play on, because well a lot of people have many different things in there place and have there own way into making there game and if you make something in a anti exploit script and someone takes it then it happens to have the opposite functionality than the person needs for the place it can brake and maybe even do something bad in the game, but if a player makes a anti exploit script for his/her own game it can work because the person knows what the place will have and knows what he/she needs to do in the script.
I have been thinking if I should make a group on roblox, a team of expert scripters that can take in orders from other people so they can make an anti exploiting script for places. for an example, if someone were to come to my group and ask for a person to help them make an anti exploiting script, We can assign someone or someone can volunteer to help, once they start they can get to know the place and how it functions and once they know they can make a script that can help the person.
Of course if you would like to be a member that helps others you have to agree to some rules, and those rules can be like, you will not take anything or steal any ideas from the person you are helping, you can't tell others that a member in the group is not good and you are better, etc.. and if a member brakes those rules we can very well assure you that they will be exiled and reported to roblox for stealing or anything of that sort.
I would like to get supporters before I take action and make the group. so please post here, if you have any suggestions or support. |
|
|
| Report Abuse |
|
|
|
| 07 Jul 2013 10:17 PM |
| Have you ever heard of commas and periods? |
|
|
| Report Abuse |
|
|
omaraa
|
  |
| Joined: 23 Sep 2010 |
| Total Posts: 440 |
|
|
| 07 Jul 2013 10:18 PM |
| Yes i have and i don't really want to use them when i don't have to. |
|
|
| Report Abuse |
|
|
1waffle1
|
  |
| Joined: 16 Oct 2007 |
| Total Posts: 16381 |
|
| |
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 07 Jul 2013 10:23 PM |
"a team of expert scripters that can take in orders from other people"
Shouldn't the experts be the ones GIVING the orders? |
|
|
| Report Abuse |
|
|
omaraa
|
  |
| Joined: 23 Sep 2010 |
| Total Posts: 440 |
|
|
| 07 Jul 2013 10:25 PM |
| No that is not what I mean, I mean like getting others to tell them what they need. |
|
|
| Report Abuse |
|
|
1waffle1
|
  |
| Joined: 16 Oct 2007 |
| Total Posts: 16381 |
|
|
| 07 Jul 2013 10:31 PM |
| No, to tell "them" what *you* "need." |
|
|
| Report Abuse |
|
|
|
| 07 Jul 2013 10:38 PM |
| I've already created a pretty good anti-exploiting script that implements pretty much the functionality of ROBLOX's replication filtering API but by reverting every single disallowed change instead of preventing them in the first place (since there's no way to prevent them in the first place). It makes it pretty much impossible to do anything that it shouldn't be possible to do. The only problems are that it cannot revert changes to protected properties, which exploiters can edit, and that it cannot bring back objects the Destroy method was called on, since their parent property is locked. Other than that, it completely prevents exploiting. |
|
|
| Report Abuse |
|
|
Xedrak
|
  |
| Joined: 01 Jan 2013 |
| Total Posts: 68 |
|
|
| 07 Jul 2013 10:52 PM |
| This is the dumbest thing I've read in a long time. As ColorfulBody said above, it's totally possible to create a universal anti-exploiting script. |
|
|
| Report Abuse |
|
|
omaraa
|
  |
| Joined: 23 Sep 2010 |
| Total Posts: 440 |
|
|
| 07 Jul 2013 11:01 PM |
Well thank you very much Xedrak...
Sorry for trying to make a community of helpers. |
|
|
| Report Abuse |
|
|
| |
|
|
| 07 Jul 2013 11:47 PM |
To clarify and push further what Xedrak said, it is entirely possible to create a complete, universal and definitive solution to exploiting. For us, it isn't (because of the two limitations I mentioned in my earlier post and some more), but for the ROBLOX developers, it certainly is.
The reason exploiting is so simple on ROBLOX is because the ROBLOX software on the servers trusts everything the clients send to it. In a game that isn't a sandbox game like ROBLOX and where what can be done by clients is clearly defined, the developers can just only allow certain instructions to be given to the server by clients and reject all the instructions that do not comply. However, ROBLOX is a sandbnox game. Game creators can write scripts that will run on either the server or on clients. The former don't cause a problem, since the server cannot be compromised. However, the latter does cause a problem. Some games may contain weapons that use local scripts that will modify other players' health. Because of this, ROBLOX needs to allow clients to modify player health in all games, just because of the games where there are weapons that use local scripts that need to be able to modify other players' health. The situation is similar for all things that local scripts can do right now: just because it is possible for a local script to need to do this or that particular thing, ROBLOX needs to allow all clients in all games to do it because its software cannot guess what local scripts will need to do.
Regardless of how many patches ROBLOX applies on the client software, it will still be possible to exploit. Anyone with enough time and patience could create his own client software for ROBLOX that allows him to send any request to ROBLOX game servers. As long as these game servers accept the requests, he'd be able to do pretty much anything, and ROBLOX couldn't patch his client software since they wouldn't control it. The only solution is to control the requests that are sent to the server and to reject those that should not be accepted. However, this is difficult to do since not all games need local scripts to be able to perform the same actions.
There are two solutions: - Allow game owners to tell the game server what clients should be allowed to do. (this is the idea behind the replication filtering API) - Disallow local scripts from doing stuff they shouldn't be able to do. (this is the idea between not allowing local scripts to deal with badges, data persistence, etc.)
The former of these solutions is the most flexible, but it requires work from game owners and it is requires more resources since all requests need to be filtered separately. For these reasons, ROBLOX has decided to discard it. The second solution is more limited. It consists of just disallowing local scripts from doing things that they shouldn't generally need to do. There is a limit to how far this can be applied, though: while it is possible to not allow local scripts to use some services and methods, there are things that can be abused by exploiters but that cannot be restricted from local scripts simply because it is sometimes legitimate and normal for local scripts do to these things. Changing the health of other players, for example. While it would be reasonable to prevent local scripts from applying any change to the starter pack, the starter gui and the marketplace service, since things that have to do with these services should generally be handled on the server anyway, it would not be reasonable to prevent local scripts from changing the health of other players, since many guns need legitimately to do that using local scripts. Exploiters can then abuse this by killing players repeatedly in games where there isn't any local script that needs to kill players in the first place. |
|
|
| Report Abuse |
|
|
dekkonot
|
  |
| Joined: 22 Dec 2010 |
| Total Posts: 6685 |
|
|
| 07 Jul 2013 11:52 PM |
| All Roblox REALLY needs to do is make it so Local Scripts all have a saved hash when the game is created that is stored server-side that is checked on all scripts everytime it is ran... |
|
|
| Report Abuse |
|
|
blocco
|
  |
| Joined: 14 Aug 2008 |
| Total Posts: 29474 |
|
|
| 08 Jul 2013 12:11 AM |
| What you have to do is make a function in a localscript that must be called in order to modify things; this function call must contain the localplayer as an argument, then the object, the property and the value. If things are modified outside of this function, it is unauthorized |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2013 01:09 AM |
you know what would be great
if roblox patched exploits within a reasonable timeframe so skids couldn't run around pretending to be ubar leet haxors for months |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2013 01:55 AM |
^ That Roblox doesn't care because it doesn't affect them. |
|
|
| Report Abuse |
|
|
STFMAN
|
  |
| Joined: 21 Dec 2011 |
| Total Posts: 2075 |
|
|
| 08 Jul 2013 03:30 AM |
Free Anti-Exploits scripts will work pl0x?
☭ {STFMAN The USSR Politic} ☭ |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2013 04:12 AM |
So, you want to be owner of this one group and earn money with it.
We are not slaves working for free. |
|
|
| Report Abuse |
|
|
bohdan77
|
  |
| Joined: 10 Aug 2008 |
| Total Posts: 7944 |
|
|
| 08 Jul 2013 08:19 AM |
| @Colour How much does your anti-exploit effect performance? I remember Merely saying that the replication API effected performance. |
|
|
| Report Abuse |
|
|
omaraa
|
  |
| Joined: 23 Sep 2010 |
| Total Posts: 440 |
|
|
| 08 Jul 2013 11:21 AM |
@apd Ok I did not say that what at all, and no I didn't say we are gonna do it for money, and yes I will be helping out, and no I dont want you guys as my "slaves".
You know what just stop posting here as the post clearly stated that my idea is rubbish. |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2013 08:07 PM |
> @Colour How much does your anti-exploit effect performance? I remember Merely saying that the replication API effected performance.
A lot. It was meant to be used as a demonstration, as an example, not as a solution by itself. It works better than all the so-called anti-exploit scripts out there, and it actually works pretty well, but it obviously slows down the game (actually, the version that uses ItemChanged, DescendantAdded and DescendantRemoved on the DataModel doesn't slow it down much since it doesn't need to connect thousands of events). The problem isn't as much with performance as with it not being a very elegant solution. If ROBLOX provided an API for it, that would be an elegant solution, but it'd still have an impact on performance, and it'd still need to be configured by game owners, which is also a problem. |
|
|
| Report Abuse |
|
|
dekkonot
|
  |
| Joined: 22 Dec 2010 |
| Total Posts: 6685 |
|
|
| 08 Jul 2013 08:10 PM |
@OP
You made a mistake by even suggesting that we do anything together. |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2013 08:18 PM |
Good Guy Sorcus Sees spam and users trolling Trolls also and doesn't lock thread |
|
|
| Report Abuse |
|
|
|
| 08 Jul 2013 08:20 PM |
And I look stupid since this is the wrong thread =D Just imagine this is actually the 'Hiring a Scripter' thread. Shhhh. No one else noticed. |
|
|
| Report Abuse |
|
|
Sorcus
|
  |
 |
| Joined: 29 Nov 2010 |
| Total Posts: 3775 |
|
|
| 08 Jul 2013 08:57 PM |
Let's hash and check all LocalScripts with server before we execute them in the VM and of course let's ignore the part that the exploit involves directly injecting code into the Lua buffer and is not at the script level.
Any magic we do here will affect performance enough that you wouldn't want that. But then again some of you might be okay with that since you don't make any actual stuff.
-- Sorcus |
|
|
| Report Abuse |
|
|