generic image
Processing...
  • Games
  • Catalog
  • Develop
  • Robux
  • Search in Players
  • Search in Games
  • Search in Catalog
  • Search in Groups
  • Search in Library
  • Log In
  • Sign Up
  • Games
  • Catalog
  • Develop
  • Robux
   
ROBLOX Forum » Roblox » Suggestions & Ideas
Home Search
 

Re: A anti-cheat system

Previous Thread :: Next Thread 
henrylol2 is not online. henrylol2
Joined: 15 Apr 2009
Total Posts: 352
26 Aug 2014 03:17 AM
I haven't played Roblox in a couple of years and I noticed that there's still hackers! I've been seeing how and what they use to exploit and what can be developed is a anti-cheat system (like Valves VAC but different)

I've created a cheat engine terminator in C# and was wondering why can't roblox create a "cheat system" embedded in their game? Whilst the game is running, it will check the processes on the system to see if any cheat related processes are running; if so it will just disconnect you from the server.

Here's a couple of ideas I thought off which make a whole anti-cheat system.

You can start off with cheatengine.exe and then make it report the list of processes back to Roblox as a diagnostics report to the server - as you continue to add more processes.

Then when there's a hack you can monitor the chat logs for a person simply saying "hacker" or the report abuse logs and then see the diagnostics logs on the same time, date, server which process has been running, then block that process and/or signature.

Most applications have the developer signature on the executable, even if you change the name of cheatengine.exe to ,something like, msupdater.exe the signature of the msupdater.exe is not Microsoft Corporation but Cheat Engine.

Then if you have a lot of server space and bandwidth, you can use a very advance script to see if there are player changes by capturing each movement of the character and see if there's a change but this wouldn't work on ROBLOX due to scripts, GUIs. But if a user is running a admin gui and the others aren't - there's a very good chance there's a exploiter but you can see if there's a admin script on the actual place; just to make sure the creator isn't administrating his server. This would be very effective if someone uses a script to make everyone say NOOBS! (I saw these on some videos)

The LUA Usage diagnostics which you currently use, can also be used as a anti-cheat. If there's a massive change of scripts running (i.e the exploiter has deleted most of the game) over time (as in a hour later; just to make sure that the user hasn't used a script to delete a script) you could make a notification to a admin/moderator to check the server.

After creating a huge list of serials (many ISPs uses dyanmic IPs, so a hardware ID e.g. a special serial for that computer cannot be changed unlike the IP with a proxy), you can monitor these users or flag them for future reference.

You can create a MD5 or SHA256 to see if the Roblox executables (.exe's) or (.dll's) have been modified every 5 minutes, if so, there's been hack. You can verify the user's .dll/.exe's with the orginal file's md5/SHA256's. This would run client aside so there's no bandwidth being used.

My last idea for this system is to check the User's DNS (ipconfig /displaydns), though its very argumentative for the privacy of the users - however, other companies are doing this. If a "hacking" site is being viewed then there's a great chance the person is a exploiter. But the flaw with this is the exploiter can flush his DNS (ipconfig /flushdns)

My ideas may have some flaws but it's better than nothing.
Report Abuse
mathsman49 is not online. mathsman49
Joined: 28 Jul 2014
Total Posts: 1488
26 Aug 2014 03:27 AM
That is impossible.
Report Abuse
henrylol2 is not online. henrylol2
Joined: 15 Apr 2009
Total Posts: 352
26 Aug 2014 03:29 AM
It is. Roblox runs C# and I've created a similar thing. Sending processes to the server can be done with SQL databases. The rest is just C# client aside.
Report Abuse
NorModder is not online. NorModder
Joined: 27 Jan 2012
Total Posts: 10755
26 Aug 2014 03:30 AM
Sounds neat. I support.

Have you tried turning it off and on again? - Roy
Report Abuse
LordHenryVonHenry is not online. LordHenryVonHenry
Joined: 17 Apr 2011
Total Posts: 169
26 Aug 2014 07:46 AM
You have no idea how many times I have suggested the idea of detecting whether a user has certain processes open like cheat engine, on this account on many others...
so many people have said "oh that's impossible to do" etc.
It is EASY, I know tonnes of games that do it.
Before you say "It would need admin access" Warframe uses a system to detect if cheat software is running, and that does not need anything of the sort.
Before you say "People would find a way around it"
They would, but the fact is, it would be much more complex to exploit than it is currently, so the people who just watch tutorials, would start to give up as the tutorials would get a lot harder.

The simple fact is, IF you care about developers making more good games, you need to stop them spending half of the time developing anti exploit scripts for their game, why not just get a few people a week to go on youtube, list all the exploits, and find a way to stop them, a EASY thing to do, is look what the username of the person making the tutorial video is, terminate them, and that's one less person to make tutorials.
Report Abuse
cyburg is not online. cyburg
Joined: 23 Sep 2011
Total Posts: 1094
26 Aug 2014 07:49 AM
Best idea evea.
Report Abuse
henrylol2 is not online. henrylol2
Joined: 15 Apr 2009
Total Posts: 352
31 Aug 2014 01:10 PM
Seemed like this needed a bump.
Report Abuse
clubb12 is not online. clubb12
Joined: 07 Apr 2010
Total Posts: 627
31 Aug 2014 01:12 PM
Hackers cannot be stopped indefinitely. We can only reduce their ability to hack. Using scripts, or patches.

@RBLX_Clubb12
Report Abuse
henrylol2 is not online. henrylol2
Joined: 15 Apr 2009
Total Posts: 352
31 Aug 2014 01:13 PM
Yes they won't be stopped as there's flaws... But it would make it a heck of a lot harder; they might bother not to anymore.
Report Abuse
clubb12 is not online. clubb12
Joined: 07 Apr 2010
Total Posts: 627
31 Aug 2014 01:19 PM
The most we can do is prevent.

@RBLX_Clubb12
Report Abuse
Floppyeagle is not online. Floppyeagle
Joined: 03 Oct 2011
Total Posts: 5
18 Oct 2014 08:53 PM
TL;DR
Report Abuse
tylerfever1 is not online. tylerfever1
Joined: 30 Apr 2009
Total Posts: 114
18 Oct 2014 08:55 PM
It is not up to ROBLOX to fix peoples games, if there are exploiters in a said game, then it is up for the developer to fix it.

ROBLOX is hosting the server, people come to ROBLOX to learn life skills in LUA and building, ROBLOX cannot hold your hand through this process, there are already LUA scripts for anti-cheat, but it is up to the developer to consider if they should use it or not.
Report Abuse
LordHenryVonHenry is not online. LordHenryVonHenry
Joined: 17 Apr 2011
Total Posts: 169
20 Oct 2014 02:30 PM
There is a svere limit to what Lua script can stop, it is the flaws in roblox's system that often allow the exploits to happen, just because something could EASILY be fixed by Roblox, doesn't mean it is EVEN POSSIBLE for developers to fix using lua.
Report Abuse
TrollerBuilder is not online. TrollerBuilder
Joined: 22 Jul 2014
Total Posts: 3113
20 Oct 2014 04:13 PM
If it has to do with Cheat Engine 6.4 no support. Because I like this tool although I don't use it. It's pretty dumb how Roblox doesn't allow cheats and every other game does in my opinion.
Report Abuse
GeneralFlame183 is not online. GeneralFlame183
Joined: 06 Jul 2013
Total Posts: 587
20 Oct 2014 04:16 PM
Check when this thread was made. They won't respond to you.
Report Abuse
films is not online. films
Joined: 31 Oct 2008
Total Posts: 60
01 Dec 2014 08:25 AM
Bump
Report Abuse
trainyay is online. trainyay
Joined: 19 Jan 2012
Total Posts: 5617
01 Dec 2014 09:28 AM
Support.
Report Abuse
Danieltck is not online. Danieltck
Joined: 05 Feb 2011
Total Posts: 4792
01 Dec 2014 09:29 AM
Lol Roblox is to lazy to do this. They only want money, add a way they can get money out of this.
Report Abuse
henrylol2 is not online. henrylol2
Joined: 15 Apr 2009
Total Posts: 352
02 Jan 2015 12:19 PM
Thought I might bump this even though its quite old. For those who have problems reading (I saw a post with TL:DR) just google it.

More ideas below;

Obscured Prefs

Instead of blatantly showing these exploiters the values of someone's heath by a simple scan of health, why not obscure the values with randomly generated hashes. I.e. un-obscured text would be like health, obscured text with SHA256 62484e22a6a5ade1ba25cb1b7c55c4b8861de24caddab73c9409742734008b26 . Though this is very unsafe due to the fact of sha256 decrypters, but obscure it multiple times with different algorithms and then salt the values.

DLL Injection prevention

As mentioned in my first post, integrity checks. Not only checking the hash of the roblox executable but also debugging the executable whilst its running, if the log shows up with a .dll executable running which is not one of Roblox's (Core files) or Microsoft (DirectX graphics) then the game just closes the connection for that person. This is possible because Roblox and Microsoft .dll's have been digitally signed and a .dll that someone makes is not digitally signed and will never have a copied signature due to hash changes and companies which sign .dll's to refuse.

Some form of expansion upon integrity checking from my first post

Lastly, integrity checking the process ROBLOX is run on. If Roblox is run on the process explorer.exe , this is running within the Windows Desktop, if it is run on a different process, e.g. cheatengine.exe then it is obviously running for exploitation purposes.

All this CAN BE DONE right now without very little programming. Use a debugger (which they have) and make it debug these extra things which involve my ideas. All of my ideas are client a-side and not server a-side - meaning it would cost them nothing but time.

If this is all done - only enthusiastic hackers could hack now, because it is so hard to break now :)

And yes, I know that ROBLOX won't consider these ideas but it is a start to grab the attention of the staff.
Report Abuse
ExamHacks is not online. ExamHacks
Joined: 12 Jan 2014
Total Posts: 734
02 Jan 2015 01:39 PM
Roblox runs C++, not C# you craptasket.
Also the fact that it's easy to recompile Cheat Engine with a different name, or use an Hex editor against it.
Report Abuse
ExamHacks is not online. ExamHacks
Joined: 12 Jan 2014
Total Posts: 734
02 Jan 2015 01:41 PM
By Hex Editor I meant that it's easy to open the executable and replace all instances of Cheat Engine with another string, such as Fheat Target.
Report Abuse
henrylol2 is not online. henrylol2
Joined: 15 Apr 2009
Total Posts: 352
03 Jan 2015 05:06 AM
Yes CE is open-source and that means we can take the source code and recompile it to another language and change all of the CE strings and stuff to some value like what you said. But I did talk about other ways of preventing this from happening such as checking the integrity of the executable by seeing if it's running within explorer.exe or cheatengine.exe/recompiledexecutablenameblahxyz.exe . Also if we encrypt the client -> server connection (this is server a-side) then these values cannot be seen by CE in the first place! Roblox already own a CA signature, why not use it within the connection side. Nobody could break the encryption keys, unless they were sophisticated hackers.

So what if Roblox is using C++ and not C#? Its still possible in both languages from my viewpoint, and should be because C++ is more advanced.

Then once again, today's Roblox hackers are kid-scripties and not sophisticated hackers because they follow guides on how to hack - with these types of "anti-cheats" it will be very hard and long that they probably wouldn't bother anymore.
Report Abuse
Nteorvolri is not online. Nteorvolri
Joined: 03 Jan 2013
Total Posts: 51733
03 Jan 2015 05:14 AM
>anti-exploit scripts
Report Abuse
zguy12 is not online. zguy12
Joined: 08 Feb 2014
Total Posts: 238
03 Jan 2015 05:31 AM
I stop hack months ago
Report Abuse
pawtracks is not online. pawtracks
Joined: 12 Jan 2009
Total Posts: 107
13 Jan 2015 03:52 PM
Roblox should not look at players processes or know what a player is running.

That is a complete violation of privacy on so many levels.
Report Abuse
Previous Thread :: Next Thread 
Page 1 of 1
 
 
ROBLOX Forum » Roblox » Suggestions & Ideas
   
 
   
  • About Us
  • Jobs
  • Blog
  • Parents
  • Help
  • Terms
  • Privacy

©2017 Roblox Corporation. Roblox, the Roblox logo, Robux, Bloxy, and Powering Imagination are among our registered and unregistered trademarks in the U.S. and other countries.



Progress
Starting Roblox...
Connecting to Players...
R R

Roblox is now loading. Get ready to play!

R R

You're moments away from getting into the game!

Click here for help

Check Remember my choice and click Launch Application in the dialog box above to join games faster in the future!

Gameplay sponsored by:
Loading 0% - Starting game...
Get more with Builders Club! Join Builders Club
Choose Your Avatar
I have an account
generic image